CVE-2025-59427

Sažetak

The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as .env and .dev.vars. This vulnerability is fixed in 1.6.0.

Reference

https://github.com/cloudflare/workers-sdk/commit/0e500720bf70016fa4ea21fc8959c4bd764ebc38
https://github.com/cloudflare/workers-sdk/discussions/3455#discussioncomment-6165773
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-4pfg-2mw5-f8jx
https://hackerone.com/reports/3117837

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

22-09-2025 - 21:23

Objavljeno

19-09-2025 - 16:15