Path Traversal in Vitejs Vite

CVE-2025-46565

Vite is a frontend tooling framework for JavaScript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.014 (81.0th percentile)

Affected products

  • Vitejs Vite, versions: >= 6.3.0, < 6.3.4; >= 6.2.0, < 6.2.7; >= 6.0.0, < 6.1.6

Frequently asked questions

What is CVE-2025-46565?
CVE-2025-46565 is a vulnerability in Vitejs Vite, classified under Path Traversal. Published 2025-05-01.
Is CVE-2025-46565 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.