PT-2025-34242 · Vite · Vite-Plugin-Static-Copy
Ikkisoft · Published 2025-08-21 · Updated 2025-08-21 · CVE-2025-57753
CVSS v4.0: 6.0 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
vite-plugin-static-copy versions prior to 2.3.2
vite-plugin-static-copy versions prior to 3.1.2
Description:
The vite-plugin-static-copy plugin for Vite allows access to files not included in the src directory through a crafted request. This can lead to the disclosure of arbitrary files on the filesystem. The vulnerability affects applications explicitly exposing the Vite dev server to the network. An attacker can exploit this issue by sending a specially crafted HTTP request to access files outside the intended directory.
Recommendations:
vite-plugin-static-copy versions prior to 2.3.2: Update to version 2.3.2 or later.
vite-plugin-static-copy versions prior to 3.1.2: Update to version 3.1.2 or later.
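To apply the recommendations above across a project, the following added example (not part of the advisory or of the plugin's code) scans an npm lockfile for installed copies of the plugin that fall below the fixed releases. It assumes the lockfile v2/v3 `packages` layout and that 3.1.2 fixes the 3.x line while 2.3.2 covers everything older; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag vite-plugin-static-copy installs affected by CVE-2025-57753.
const PKG = "vite-plugin-static-copy";

// Parse "MAJOR.MINOR.PATCH" into numbers (any pre-release/build suffix is ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version triple a is strictly lower than b.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Assumption: 3.x is fixed in 3.1.2; 2.x and older majors are fixed by 2.3.2.
function isAffected(version) {
  const v = parseVersion(version);
  return v[0] >= 3 ? lessThan(v, [3, 1, 2]) : lessThan(v, [2, 3, 2]);
}

// Walk the lockfile "packages" map and report every affected copy,
// including nested and workspace-local installs.
function findAffected(lock) {
  const hits = [];
  for (const [loc, meta] of Object.entries(lock.packages || {})) {
    const isPlugin =
      loc === `node_modules/${PKG}` || loc.endsWith(`/node_modules/${PKG}`);
    if (isPlugin && isAffected(meta.version)) {
      hits.push({ location: loc, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile fragment (not taken from a real project).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/vite-plugin-static-copy": { version: "3.1.1" },
  "packages/docs/node_modules/vite-plugin-static-copy": { version: "2.3.2" },
  "node_modules/some-tool/node_modules/vite-plugin-static-copy": { version: "1.0.6" },
}};

console.log(findAffected(sampleLock));
```

On a real project, pass the parsed contents of `package-lock.json` to `findAffected` in place of `sampleLock`.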
Exploit
Fix
Path traversal
Affected Products
Vite-Plugin-Static-Copy