CVE-2025-56647

Name of the Vulnerable Software and Affected Versions @farmfe/core versions prior to 1.7.6

Description The development server does not validate the origin when establishing WebSocket connections. This allows attackers to monitor developers using Farm who visit a malicious webpage and potentially steal source code exposed through the WebSocket server.

Recommendations Update @farmfe/core to version 1.7.6 or later.