CVE-2025-31125: Vite Vitejs Improper Access Control Vulnerability. Vite
Vite Vitejs Improper Access Control Vulnerability. Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected.
- CISA KEV-listed (remediation due 2026-02-12)
- EPSS 83.2% (99.3% percentile)