PT-2025-36528 · Vite · Vite

Orihjfrog · Published 2025-09-08 · Updated 2026-03-12 · CVE-2025-58751

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 7.1.5, 7.0.7, 6.3.6, and 5.4.20
Description: Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name within the public directory could be served bypassing the server.fs settings. Only applications that explicitly expose the Vite dev server to the network (using --host or server.host config option), utilize the public directory feature (enabled by default), and contain a symlink in the public directory are affected.
Recommendations: Update to Vite version 7.1.5, 7.0.7, 6.3.6, 5.4.20, or later.
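
Added example (not part of the advisory and not Vite code): a Node.js check of one project against the three conditions in the description, namely an unpatched version, a network-exposed dev server, and a symlink in the public directory. The function names, the `hostExposed` parameter and the mapping of a version to its release line are assumptions of this example.

```javascript
// Added example (not Vite code): checks one project against the three
// conditions this advisory lists. Run on the machine hosting the dev server.
const fs = require('node:fs');
const path = require('node:path');

// Fixed releases from the advisory, newest release line first.
const FIXED = [[7, 1, 5], [7, 0, 7], [6, 3, 6], [5, 4, 20]];

// Any pre-release suffix ("-beta.1") is dropped before comparing.
const parse = (v) => v.split('-')[0].split('.').map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Assumption: a version is judged against the fix for its own release line
// (7.1+, 7.0.x, 6.x); anything older than 6.0.0 is judged against 5.4.20.
function isPatched(version) {
  const v = parse(version);
  const lineStart = (f) => (f[0] === 7 ? [7, f[1], 0] : [f[0], 0, 0]);
  const fix = FIXED.find((f) => cmp(v, lineStart(f)) >= 0) || FIXED[FIXED.length - 1];
  return cmp(v, fix) >= 0;
}

// Recursively list symbolic links under the public directory.
function findSymlinks(dir) {
  const found = [];
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isSymbolicLink()) found.push(full);
    else if (entry.isDirectory()) found.push(...findSymlinks(full));
  }
  return found;
}

// hostExposed: true when the dev server is started with --host or server.host.
function assess({ version, publicDir, hostExposed }) {
  const symlinks = fs.existsSync(publicDir) ? findSymlinks(publicDir) : [];
  const patched = isPatched(version);
  return { affected: !patched && hostExposed && symlinks.length > 0, patched, symlinks };
}

// CLI: node check.js <vite-version> <public-dir> [--host]
if (process.argv.length > 3) {
  const [version, publicDir, flag] = process.argv.slice(2);
  console.log(assess({ version, publicDir, hostExposed: flag === '--host' }));
}
```

A project reported as `affected: false` only because no symlink is present still needs the update, since a symlink added later restores the condition.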

Exploit

Fix

Improper Access Control

Path traversal

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-58751
GHSA-G4JQ-H2W9-997C

Affected Products

Vite