CVE-2025-24010

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 20, 2025
CWE ID 346
CWE ID 350
CWE ID 1385

Summary

CVE-2025-24010 is a vulnerability affecting Vite, a popular frontend tooling framework for JavaScript. This issue allowed any websites to make unauthenticated requests to the development server and receive responses, due to insecure default CORS settings and insufficient validation of the Origin header for WebSocket connections. This vulnerability posed a significant risk for data exposure during development stages. The vulnerability has been addressed in Vite versions 6.0.9, 5.4.12, and 4.5.6.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share