VDB

CVE-2025-46565

CVE-2025-46565 PUBLISHED CVSS 6 MEDIUM

Vite's server.fs.deny bypassed with /. for files under project root

EPSS 1.44% · 81.0th percentile

Risk Scores

CVSS v4.0
6
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score
1.44%
81.0th percentile

Affected Products

VendorProductVersions
npmvite6.3.0, 6.2.0, 6.0.0
vitejsvite0, 5.0.0, >= 6.3.0, < 6.3.4

Timeline

  • Jan 21, 1970 Security Advisory
  • Apr 30, 2025 CVE Published
  • May 2, 2025 EPSS Score
  • May 5, 2025 PoC Published
  • May 14, 2025 EPSS Score
  • May 26, 2025 EPSS Score
  • Jun 6, 2025 EPSS Score
  • Jun 7, 2025 Coalition ESS Score
  • Jun 11, 2025 Coalition ESS Score
  • Jun 18, 2025 EPSS Score
  • Jun 30, 2025 EPSS Score
  • Jul 12, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›