Vite Plugin Vulnerability Exposes Sensitive Files in Cloudflare Integration
CVE-2025-59427
2.9 LOW
What is CVE-2025-59427?
The Cloudflare Vite plugin, which integrates Vite with the Workers runtime, poses a serious risk when used with its default settings. It unintentionally exposes all files served by the local development server, including critical files in the root directory such as .env and .dev.vars. Such exposure can lead to serious security breaches by revealing sensitive information to unauthorized users. Upgrade to version 1.6.0 or later to mitigate this risk.
Affected Version(s)
workers-sdk < 1.6.0
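
An added example (not from the advisory or the Cloudflare project): a Node.js check that scans a parsed package-lock.json for plugin versions below the 1.6.0 fix and reports which of the root files named above are present. It assumes the plugin is installed under the npm name @cloudflare/vite-plugin and a lockfileVersion 2 or 3 layout; the lockfile and file list are constructed sample data.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2/3) for a
// Cloudflare Vite plugin older than the fixed release named on this page.
const PLUGIN = "@cloudflare/vite-plugin"; // assumed npm package name
const FIXED = [1, 6, 0];                  // fixed version, from the advisory
const SENSITIVE = [".env", ".dev.vars"];  // files the advisory names

// Parse "MAJOR.MINOR.PATCH[-pre]" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when version v sorts before the fixed release.
function isVulnerable(v) {
  const { nums, pre } = parseVersion(v);
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  return pre; // a prerelease such as 1.6.0-beta.1 precedes 1.6.0
}

// Walk lockfile "packages" keys; nested copies end with node_modules/<name>.
function auditLock(lock, rootFiles) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith(`node_modules/${PLUGIN}`) || !meta.version) continue;
    if (isVulnerable(meta.version)) hits.push({ path, version: meta.version });
  }
  const atRisk = hits.length ? rootFiles.filter((f) => SENSITIVE.includes(f)) : [];
  return { vulnerable: hits, filesAtRisk: atRisk };
}

// Constructed sample input (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-worker" },
    "node_modules/@cloudflare/vite-plugin": { version: "1.5.1" },
    "packages/api/node_modules/@cloudflare/vite-plugin": { version: "1.6.0" },
    "node_modules/vite": { version: "6.3.5" },
  },
};
const sampleRoot = [".dev.vars", ".env", "package.json", "vite.config.ts"];

console.log(JSON.stringify(auditLock(sampleLock, sampleRoot), null, 2));
```

In a real project, pass the result of JSON.parse on package-lock.json and the output of fs.readdirSync on the project root.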