Cross-Site Scripting Vulnerability in Nuxt DevTools by Vercel
CVE-2025-52662

6.9MEDIUM

Key Information:

Vendor: Vercel
Status: Nuxt Devtools
Vendor: CVE Published:; 7 November 2025

What is CVE-2025-52662?

A vulnerability in Nuxt DevTools allowed for the extraction of Nuxt authentication tokens through Cross-Site Scripting (XSS) under specific configurations. This issue has been addressed in version 2.6.4, and users are urged to upgrade their installations to maintain the integrity of their applications. For more information, visit the official changelog.

Affected Version(s)

Nuxt Devtools 2.6.3

References

https://github.com/nuxt/devtools/commit/7cadbbe9

https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-d...

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2025
Vulnerability Reserved
Jun 18, 2025

JSON