<ul><li>A critical Vite file read vulnerability (CVE-2025-30208) was disclosed in March 2025, allowing attackers to read sensitive files from the host server.</li><li>The vulnerability stems from how Vite handles certain query parameters, enabling attackers to access files outside the allowed directory scope.</li><li>The impact includes arbitrary file read on the host machine, potential credential leakage, and a severity level classified as high.</li><li>To address the vulnerability, users are recommended to upgrade to patched versions immediately or follow temporary mitigations if unable to upgrade yet.</li></ul>

Vite File Read Vulnerability Exposed (CVE-2025-30208)

Discover more