What is CVE-2025-59341?

CVE-2025-59341 is a vulnerability in Esm-dev Esm.sh, classified under Relative Path Traversal. Published 2025-09-17.

Is CVE-2025-59341 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Esm-dev Esm.sh

CVE-2025-59341

esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the serve…

EPSS: 0.009 (76.1th percentile) — read the EPSS interpretation.

Affected products

Esm-dev Esm.sh — versions <= 136

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/esm-dev/esm.sh/security/advisories/GHSA-49pv-gwxp-532r (x_refsource_CONFIRM)
https://github.com/esm-dev/esm.sh/blob/c62f191d32639314ff0525d1c3c0e19ea2b16143/server/router.go#L1168 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-59341?: CVE-2025-59341 is a vulnerability in Esm-dev Esm.sh, classified under Relative Path Traversal. Published 2025-09-17.
Is CVE-2025-59341 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.