Path Traversal in Vitejs Vite

CVE-2025-62522

Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, f…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.011 (78.4th percentile) — read the EPSS interpretation.

Affected products

Vitejs Vite — versions >= 7.1.0, < 7.1.11, >= 7.0.0, < 7.0.8, >= 6.0.0, < 6.4.1

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7 (x_refsource_CONFIRM)
https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed (x_refsource_MISC)