What is CVE-2025-24010?

CVE-2025-24010 is a medium-severity vulnerability in Vitejs Vite, classified under Origin Validation Error. CVSS score: 6.5/10. Published 2025-01-20.

How severe is CVE-2025-24010?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2025-24010 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vitejs Vite

CVE-2025-24010

Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket conn…

EPSS: 0.001 (25.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.

Affected products

Vitejs Vite — versions >= 6.0.0, < 6.0.9, >= 5.0.0, < 5.4.12, < 4.5.6

Weakness classification (CWE)

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-24010?: CVE-2025-24010 is a medium-severity vulnerability in Vitejs Vite, classified under Origin Validation Error. CVSS score: 6.5/10. Published 2025-01-20.
How severe is CVE-2025-24010?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2025-24010 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.