CVE-2025-32395 — Vulnetix

CVE-2025-32395 PUBLISHED CVSS 6 MEDIUM

Vite has an `server.fs.deny` bypass with an invalid `request-target`

EPSS 3.17% · 87.2th percentile

Risk Scores

CVSS v4.0

6

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS Score

3.17%

87.2th percentile

Affected Products

Vendor	Product	Versions
vitejs	vite	>= 6.2.0, < 6.2.6, >= 6.1.0, < 6.1.5, >= 6.0.0, < 6.0.15
npm	vite	6.2.0, 6.0.0, 5.0.0

Timeline

Jan 21, 1970 Security Advisory
Nov 10, 2022 CrowdSec Sighting
Dec 30, 2023 CrowdSec Sighting
Apr 10, 2025 CVE Published
Apr 10, 2025 CVE Updated
Apr 10, 2025 PoC Published
Apr 11, 2025 EPSS Score
Apr 24, 2025 EPSS Score
May 6, 2025 EPSS Score
May 19, 2025 EPSS Score
May 31, 2025 EPSS Score
Jun 7, 2025 Coalition ESS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›