CVE - CVE-2025-31125-

重大度: MEDIUM
公開日: 2025-03-31
更新日: 2026-01-23

概要

Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.

このCVEに関連するMITRE ATT&CKテクニック

T1560.001 - Archive via Utility
T1590.002 - DNS
T1114.001 - Local Email Collection
T1013 - Port Monitors
T1598.003 - Spearphishing Link
T1583.005 - Botnet
T1608.001 - Upload Malware
T1050 - New Service
T1518.002 - Backup Software Discovery
T1032 - Standard Cryptographic Protocol
T1218.003 - CMSTP
T1525 - Implant Internal Image
T1562.004 - Disable or Modify System Firewall
T1155 - AppleScript
T1681 - Search Threat Vendor Data
T1585.002 - Email Accounts
T1179 - Hooking
T1546.008 - Accessibility Features
T1027.017 - SVG Smuggling
T1083 - File and Directory Discovery
T1649 - Steal or Forge Authentication Certificates
T1051 - Shared Webroot
T1552.001 - Credentials In Files
T1218.005 - Mshta
T1608.005 - Link Target
T1480 - Execution Guardrails
T1598.002 - Spearphishing Attachment
T1606 - Forge Web Credentials
T1071.002 - File Transfer Protocols
T1219.003 - Remote Access Hardware
T1078 - Valid Accounts
T1187 - Forced Authentication
T1486 - Data Encrypted for Impact
T1567.003 - Exfiltration to Text Storage Sites
T1128 - Netsh Helper DLL
T1595.003 - Wordlist Scanning
T1030 - Data Transfer Size Limits
T1500 - Compile After Delivery
T1213.003 - Code Repositories
T1565.002 - Transmitted Data Manipulation
T1223 - Compiled HTML File
T1159 - Launch Agent
T1538 - Cloud Service Dashboard
T1055.008 - Ptrace System Calls
T1653 - Power Settings
T1591.001 - Determine Physical Locations
T1204.001 - Malicious Link
T1035 - Service Execution
T1505.006 - vSphere Installation Bundles

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

← CVE一覧に戻る