CVE-2025-30359: webpack-dev-server users' source code may be stolen when they access a malicious web site
(updated )
Source code may be stolen when you access a malicious web site.
Source code may be stolen when you use output.iife: false and access a malicious web site.
References
- github.com/advisories/GHSA-4v9v-hfq4-rm2v
- github.com/webpack/webpack-dev-server
- github.com/webpack/webpack-dev-server/commit/5c9378bb01276357d7af208a0856ca2163db188e
- github.com/webpack/webpack-dev-server/commit/d2575ad8dfed9207ed810b5ea0ccf465115a2239
- github.com/webpack/webpack-dev-server/security/advisories/GHSA-4v9v-hfq4-rm2v
- nvd.nist.gov/vuln/detail/CVE-2025-30359
Code Behaviors & Features
Detect and mitigate CVE-2025-30359 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →