Vite - Information Disclosure (CVE-2025-30208)

CVE-2025-30208 is a vulnerability in Vite frontend development tooling that allows attackers to bypass file access restrictions by manipulating URL query strings, potentially exposing the contents of arbitrary files to the browser. This flaw can be exploited remotely if the Vite dev server is exposed to the network, posing a risk of sensitive data disclosure through crafted requests.

CrowdSec has been tracking this vulnerability and its exploits since 1st of October 2025.

CrowdSec network data shows that most actors exploiting CVE-2025-30208 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. In addition, according to the CrowdSec network, attack volume against CVE-2025-30208 has dipped slightly compared to the previous week. Although still commonly targeted, the decline suggests a cooling-off period. Long-term relevance remains, but attention is waning.

Attackers exploit this vulnerability by requesting files with paths like /@fs/etc/passwd?raw or /@fs/C:/Windows/System32/drivers/etc/hosts?raw, using the ?raw query to bypass Vite's file access restrictions and read arbitrary files from the server. Targets are typically Vite dev servers exposed to the network.