CVE-2025-58752: Vite's `server.fs` settings were not applied to HTML files
Any HTML files on the machine were served regardless of the `server.fs`
settings.
References
- github.com/advisories/GHSA-jqfw-vq24-v9c3
- github.com/vitejs/vite
- github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md
- github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f
- github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e
- github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea
- github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6
- github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3
- nvd.nist.gov/vuln/detail/CVE-2025-58752