Skip to content

CVE lookup

CVE-2025-30208

Pruva has a verified reproduction for CVE-2025-30208: Vite dev server access control can be bypassed using crafted query strings, allowing arbitrary file reads via the @fs handler when the dev server is exposed to the network.. The canonical evidence record is REPRO-2026-00195.

REPRO

REPRO-2026-00195

Package

vite · npm

Severity

MEDIUM

Status

published