Vulnerability in Nuxt

CVE-2025-24361

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a ma…

EPSS: 0.003 (24.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N.

Affected products

  • Nuxt — versions >= 3.0.0, < 3.15.3, >= 3.12.2, < 3.15.3

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-24361?
CVE-2025-24361 is a medium-severity vulnerability in Nuxt, classified under CWE-749. CVSS score: 5.3/10. Published 2025-01-25.
How severe is CVE-2025-24361?
Medium severity. CVSS v3 base score is 5.3 out of 10.