Path Traversal in Vitejs Vite

CVE-2025-58752

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server…

EPSS: 0.000 (8.0th percentile)

Affected products

  • Vitejs Vite — versions < 5.4.20; >= 6.0.0, < 6.3.6; >= 7.0.0, < 7.0.7

Frequently asked questions

What is CVE-2025-58752?
CVE-2025-58752 is a vulnerability in Vitejs Vite, classified under Relative Path Traversal. Published 2025-09-08.
Is CVE-2025-58752 known to be exploited?
One public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.