File Accessibility Vulnerability in Vite Plugin by Sapphi-red
CVE-2025-57753

6MEDIUM

Key Information:

Vendor: SAPphi-red
Status: Vite-plugin-static-copy
Vendor: CVE Published:; 21 August 2025

What is CVE-2025-57753?

The vite-plugin-static-copy, used within the Vite framework, contains a vulnerability that allows unauthorized access to files not placed in the 'src' directory. This issue is exploited through crafted requests, compromising the security of web applications that rely on this plugin. It is crucial for users of vite-plugin-static-copy to update to versions 2.3.2 and 3.1.2 or later to mitigate this risk.

Affected Version(s)

vite-plugin-static-copy >= 3.0.0, < 3.1.2 < 3.0.0, 3.1.2

vite-plugin-static-copy >= 0.4.3, < 2.3.2 < 0.4.3, 2.3.2

References

https://github.com/sapphi-red/vite-plugin-static-copy/sec...

x_refsource_CONFIRM

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Aug 19, 2025

SAPphi-red

What is CVE-2025-57753?

Affected Version(s)

References

CVSS V4

Timeline