Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 19 Sep 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:* |
Tue, 21 Jan 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 21 Jan 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Mon, 20 Jan 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6. | |
Title | Vite allows any websites to send any requests to the development server and read the response | |
Weaknesses | CWE-1385 CWE-346 CWE-350 |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-01-21T14:52:53.680Z
Reserved: 2025-01-16T17:31:06.457Z
Link: CVE-2025-24010

Updated: 2025-01-21T14:51:16.294Z

Status : Analyzed
Published: 2025-01-20T16:15:28.730
Modified: 2025-09-19T18:35:59.963
Link: CVE-2025-24010


Updated: 2025-07-12T15:26:16Z