CVE-2025-32395 Vite Vulnerability Exposes Sensitive Files - #CVE-2025-32395
A critical vulnerability (CVE-2025-32395) has been discovered in Vite, a popular frontend development tool, affecting its development servers on Node.js and Bun environments. This flaw allows unauthorized access to arbitrary file contents by bypassing the server.fs.deny configuration through malformed HTTP requests containing the "#" symbol. Classified as an information disclosure vulnerability, it potentially impacts over 286,000 Vite services globally. A proof of concept exploit has been released, demonstrating how attackers could access sensitive files like /etc/passwd. To mitigate risks, users are urged to update Vite to fixed versions, ensure development servers are not publicly accessible, and conduct regular audits of server configurations in development environments.