Vite

Security Risk Profile

/100

low

Security Risk Score

Comprehensive risk assessment based on 8 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from January 20, 2025 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

5.3

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

33/100

low

⚠️ 3 Active Exploits

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

Infoleak

Path Traversal

Most Affected Products

1. npm/vite31

2. vitejs Vite Node.js21

3. Vite Vite14

4. Meta React4

5. IBM Concert Software4

Recent Vulnerabilities

See more →

https://www.theregister.com/2025/12/03/exploitation_is_imminent_react_vulnerability/

unknown

'Exploitation is imminent' as 39 percent of cloud environs have max-severity React hole

12/3/2025⚠ Exploited🔧 No Patch

CVE-2025-58752

CVSS 2.3low

Vite's `server.fs` settings were not applied to HTML files

9/8/2025

CVE-2025-58751

CVSS 2.3low

Vite middleware may serve files starting with the same name with the public directory

9/8/2025

CVE-2025-32395

CVSS 6.0EPSS 0%medium

Vite has an `server.fs.deny` bypass with an invalid `request-target`

4/10/2025

CVE-2025-31486

CVSS 5.3EPSS 0%medium

Vite allows server.fs.deny to be bypassed with .svg or relative paths

4/3/2025

CVE-2025-31125

CVSS 7.5EPSS 0%high

Vite Vitejs Improper Access Control Vulnerability

3/31/2025⚠ Exploited

CVE-2025-30208

CVSS 7.5EPSS 40%high

Vite bypasses server.fs.deny when using `?raw??`

3/24/2025⚠ Exploited

CVE-2025-24010

CVSS 6.5EPSS 0%medium

Vite allows any websites to send any requests to the development server and read the response

1/20/2025

Monitor Vite in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo