Chaitin Tech discovered an arbitrary file read vulnerability (CVE-2025-31125) in Vite, a popular frontend build tool used in JavaScript and TypeScript web development.
The vulnerability lets an attacker read sensitive files from the server's filesystem by requesting specially crafted URLs; it affects Vite versions 4.5.10 through 6.2.3.
The Vite team has released patched versions (6.2.4, 6.1.3, 6.0.13, 5.4.16 and 4.5.11) to address the issue, and users are advised to update by running npm update vite.
Until the update can be applied, restricting network access to the server and enforcing file permissions are recommended as interim mitigations to prevent exploitation of this high-risk vulnerability.
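To tell which side of the patch an installation sits on, here is an added example (not part of this advisory or of the Vite project) that classifies a version string against the affected range and the fixed releases listed above; it assumes plain MAJOR.MINOR.PATCH version strings and, when no version is passed on the command line, reads node_modules/vite/package.json from the current project.

```javascript
// Added example, not part of the advisory: classify an installed Vite version
// against the affected range (4.5.10 to 6.2.3) and the fixed releases it lists.
// Assumes plain MAJOR.MINOR.PATCH versions; a pre-release suffix is ignored.

// Fixed release for each line, keyed by "major" or "major.minor" (from the advisory).
const FIXED_BY_LINE = { '4': '4.5.11', '5': '5.4.16', '6.0': '6.0.13', '6.1': '6.1.3', '6.2': '6.2.4' };
const FIRST_AFFECTED = '4.5.10';
const LAST_AFFECTED = '6.2.3';

// Parse "v6.2.3" or "6.2.3-beta.1" into [6, 2, 3]; throw on anything else.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison of two version strings: -1, 0 or 1.
function compareVersions(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Returns { status, fixedVersion }; status is 'affected', 'patched' or 'outside-stated-range'.
function assessViteVersion(installed) {
  const [major, minor] = parseVersion(installed);
  const fixedVersion = FIXED_BY_LINE[`${major}.${minor}`] ?? FIXED_BY_LINE[String(major)] ?? null;
  const below = compareVersions(installed, FIRST_AFFECTED) < 0;
  // No fixed release is listed for 6.3+ or later majors: they sit above the stated range.
  const beyond = fixedVersion === null && compareVersions(installed, LAST_AFFECTED) > 0;
  if (below || beyond) return { status: 'outside-stated-range', fixedVersion };
  if (fixedVersion === null) throw new Error(`no fixed release known for ${installed}`);
  const status = compareVersions(installed, fixedVersion) >= 0 ? 'patched' : 'affected';
  return { status, fixedVersion };
}

// Version actually installed under node_modules, or null if Vite is not installed there.
function installedViteVersion(projectDir = process.cwd()) {
  try {
    const fs = require('fs');
    const path = require('path');
    const pkgPath = path.join(projectDir, 'node_modules', 'vite', 'package.json');
    return JSON.parse(fs.readFileSync(pkgPath, 'utf8')).version;
  } catch {
    return null;
  }
}

if (typeof require === 'function' && require.main === module) {
  const version = process.argv[2] ?? installedViteVersion();
  if (version === null) console.error('usage: node check-vite.js [version]  (or run inside a project with vite installed)');
  else console.log(version, assessViteVersion(version));
}
```

The returned fixedVersion is the release on the same line to move to, so a 5.x project is pointed at 5.4.16 rather than at the latest 6.x.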