System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31125.json
epss	0.83244	https://api.first.org/data/v1/epss?cve=CVE-2025-31125
cvssv3.1	5.3	https://github.com/vitejs/vite
generic_textual	MODERATE	https://github.com/vitejs/vite
cvssv3.1	5.3	https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949
generic_textual	MODERATE	https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949
ssvc	Attend	https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949
cvssv3.1	5.3	https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8
generic_textual	MODERATE	https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8
ssvc	Attend	https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2025-31125
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-31125
cvssv3.1	5.3	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125
generic_textual	MODERATE	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31125.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-31125
		https://github.com/vitejs/vite
		https://nvd.nist.gov/vuln/detail/CVE-2025-31125
		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125
2356283		https://bugzilla.redhat.com/show_bug.cgi?id=2356283
59673137c45ac2bcfad1170d954347c1a17ab949		https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949
GHSA-4r4m-qw57-chr8		https://github.com/advisories/GHSA-4r4m-qw57-chr8
GHSA-4r4m-qw57-chr8		https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8

Data source	KEV
Date added	Jan. 22, 2026
Description	Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected.
Required action	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date	Feb. 12, 2026
Note	This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31125
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31125.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

---

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-01-23T16:58:33Z/ Found at https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949

---

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

---

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-01-23T16:58:33Z/ Found at https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8

---

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-31125

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Percentile	0.99286
EPSS Score	0.83244
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:05:08.441587+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/31xxx/CVE-2025-31125.json	38.6.0