VIR Vulnerability Intelligence Relay

CVE-2025-46565

unknown
Published 2025-04-30 · Modified 2026-02-04
CVSS v3
CVSS v2
VIR risk

Description

Vite's server.fs.deny bypassed with /. for files under project root

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact
EcosystemPackageVulnerableFixed
npm npmvite>=6.3.0,<6.3.46.3.4
npm npmvite>=6.2.0,<6.2.76.2.7
npm npmvite>=6.0.0,<6.1.66.1.6
npm npmvite>=5.0.0,<5.4.195.4.19
npm npmvite<4.5.144.5.14

References

Verify integrity in audit chain (admin only). AS-IS.