HTML File Exposure in Vite Framework by Vitejs
CVE-2025-58752
What is CVE-2025-58752?
Vite, a frontend tooling framework, has a vulnerability in which the dev server serves any HTML file present on the machine, regardless of the configured server file system settings. The issue arises when the Vite dev server is exposed to the network through configuration options. The preview server is also affected and can expose HTML files outside the intended output directory. The flaw is fixed in versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20.

Affected Version(s)
vite < 5.4.20
vite >= 6.0.0, < 6.3.6
vite >= 7.0.0, < 7.0.7
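
One way to check a project against the affected ranges above, as an added example that is not part of the advisory or of Vite's own tooling. It assumes an npm lockfile in the v2/v3 layout (a `packages` map keyed by install path); the function names are hypothetical, the sample lockfile is constructed, and the 7.1.x range is inferred from the fixed version 7.1.5 rather than taken from the affected list.

```javascript
// Affected ranges [min, fixed) from the advisory. The 7.1.x row is inferred from the
// fixed version 7.1.5 and is not in the page's affected list (assumption).
const AFFECTED = [
  { min: [0, 0, 0], fixed: [5, 4, 20] },
  { min: [6, 0, 0], fixed: [6, 3, 6] },
  { min: [7, 0, 0], fixed: [7, 0, 7] },
  { min: [7, 1, 0], fixed: [7, 1, 5] },
];

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  return m ? { core: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns true (affected), false (not affected) or null (version not parseable).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  return AFFECTED.some(({ min, fixed }) => {
    const c = cmp(p.core, fixed);
    // Conservative choice: a prerelease of a fixed version sorts below it, so flag it.
    return cmp(p.core, min) >= 0 && (c < 0 || (c === 0 && p.pre));
  });
}

// Scan the "packages" map of an npm lockfile (v2/v3), including nested copies of vite.
function findAffectedVite(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/vite$/.test(path)) continue;
    const affected = isAffected(meta.version);
    if (affected !== false) hits.push({ path, version: meta.version, affected });
  }
  return hits;
}

// Constructed sample lockfile fragment, not taken from a real project.
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/vite": { version: "7.1.5" },
  "node_modules/some-plugin/node_modules/vite": { version: "6.3.5" },
  "node_modules/legacy-tool/node_modules/vite": { version: "5.4.19" },
  "node_modules/vite-plugin-x": { version: "1.0.0" },
} };
console.log(findAffectedVite(sampleLock));
```

Nested copies matter here: a patched top-level `vite` does not help if a plugin or tool pins its own older copy and starts a dev or preview server from it.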
