CVE-2025-58752
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
Vite's `server.fs` settings were not applied to HTML files
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
References
- https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3
- https://nvd.nist.gov/vuln/detail/CVE-2025-58752
- https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f
- https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e
- https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea
- https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6
- https://github.com/vitejs/vite
- https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.