CVE-2025-24361

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 25, 2025

CWE ID 749

Summary

CVE-2025-24361 is a vulnerability affecting Nuxt, an open-source web development framework for Vue.js. This issue, which impacts versions 3.0.0 through 3.15.12 of the webpack builder and 3.12.2 through 3.152 of the rspack builder, allows an attacker to steal source code. By injecting a malicious script on a victim's site, the attacker can exploit the lack of same origin policy enforcement for script requests. Utilizing `Function::toString` against `window.webpackChunknuxt_app`, the attacker can gain access to the stolen code. Nuxt addresses this issue with version 3.15.13.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2owulR
https://www.cve.org/CVERecord?id=CVE-2025-24361
https://nvd.nist.gov/vuln/detail/CVE-2025-24361

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2025-24361

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations