CVE-2025-24010

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 20, 2025

CWE ID 346

CWE ID 350

CWE ID 1385

Summary

CVE-2025-24010 is a vulnerability affecting Vite, a frontend tooling framework for JavaScript. This issue permits any website to send unchecked requests to the development server via WebSocket connections, potentially allowing the leaking of response data due to lax CORS settings and lacking validation on the Origin header. This vulnerability has been addressed in Vite versions 6.0.9, 5.4.12, and 4.5.6.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2h8eOJ
https://www.cve.org/CVERecord?id=CVE-2025-24010
https://nvd.nist.gov/vuln/detail/CVE-2025-24010

Back to Vulnerability Database

CVE-2025-24010

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations