{"vulnerability": "CVE-2025-31125", "sightings": [{"uuid": "7cb15bcc-860e-4dae-8768-07e492ec27f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-31125", "type": "seen", "source": "https://bsky.app/profile/giuseppesec.bsky.social/post/3lmaiapyz3k2v", "content": "", "creation_timestamp": "2025-04-07T17:27:37.766948Z"}, {"uuid": "a32718db-908d-4eca-b97b-c38724b31753", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3llxmkl5p2s2x", "content": "", "creation_timestamp": "2025-04-04T04:50:45.671776Z"}, {"uuid": "e60059e3-1b83-49bf-a304-ba0088c11f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://bsky.app/profile/Android.activitypub.awakari.com.ap.brid.gy/post/3llw2nelcq7t2", "content": "", "creation_timestamp": "2025-04-03T13:57:51.728488Z"}, {"uuid": "9dbaeac1-f295-4af2-9966-82ec64d8ff47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-31125", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqtkca64hff2", "content": "", "creation_timestamp": "2025-06-05T05:05:49.635395Z"}, {"uuid": "35bb9e79-3e4f-474a-aa40-5988a58f2f20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3lofce45msb2p", "content": "", "creation_timestamp": "2025-05-05T02:15:50.958595Z"}, {"uuid": "abb70261-02aa-45c0-875f-7d8513d5b975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://bsky.app/profile/bilaltariq01.bsky.social/post/3lqtgljguxh2q", "content": "", "creation_timestamp": "2025-06-05T03:59:14.579956Z"}, {"uuid": "1938f827-efaf-42e6-aafe-c557935aa277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lqingcx4yp2o", "content": "", "creation_timestamp": "2025-05-31T21:02:26.694491Z"}, {"uuid": "4eaa60b8-bd81-46ac-ab46-b5807a601baf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mczy27u3ex22", "content": "", "creation_timestamp": "2026-01-22T20:01:08.682511Z"}, {"uuid": "f5f9a338-0825-4c1e-b568-0ae5d7379f80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3m2mqdalmnr2d", "content": "", "creation_timestamp": "2025-10-07T18:16:52.805194Z"}, {"uuid": "db93e85b-fe1a-49f2-bba8-54e421090782", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/5922984", "content": "", "creation_timestamp": "2026-03-04T01:43:08.045237Z"}, {"uuid": "ba9949e0-3332-4d34-a2a0-a0293fb3d0c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbv77go2f", "content": "", "creation_timestamp": "2025-08-03T21:02:41.132176Z"}, {"uuid": "2d73149d-c2fc-4ffe-938f-ef15e0a8ca75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3meuj2dgymk2w", "content": "", "creation_timestamp": "2026-02-15T02:39:52.211359Z"}, {"uuid": "eba3155d-05f2-49da-9e70-dfe5da43c815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "https://t.me/realcodeb0ss/40", "content": "", "creation_timestamp": "2025-06-13T18:35:05.000000Z"}, {"uuid": "23b34738-6e0f-4b12-8f4c-24c6da39f18a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2025-31125", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/16535a89-ee97-4fa7-bdc3-30446bdf1d84", "content": "", "creation_timestamp": "2026-02-02T12:25:42.636073Z"}, {"uuid": "7ecfdec1-60b7-441b-adb6-6787518dc2e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9702", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31125\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.\n\ud83d\udccf Published: 2025-03-31T17:06:30.704Z\n\ud83d\udccf Modified: 2025-03-31T17:06:30.704Z\n\ud83d\udd17 References:\n1. https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8\n2. https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949", "creation_timestamp": "2025-03-31T17:30:49.000000Z"}, {"uuid": "bbcc74ba-a361-44e3-8a12-1399a9de44a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/28491", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aVite \u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1ePOC\nURL\uff1ahttps://github.com/sunhuiHi666/CVE-2025-31125\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-01T14:29:12.000000Z"}, {"uuid": "bd5559f0-3305-4500-a0e5-fd165dd1d879", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/28914", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1a\u9488\u5bf9CVE-2025-30208\u7684\u7b80\u5355\u6f0f\u6d1e\u5229\u7528\nURL\uff1ahttps://github.com/jackieya/CVE-2025-30208-and-CVE-2025-31125\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-02T07:40:49.000000Z"}, {"uuid": "5355bdad-2a29-48ac-954d-961f43079aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/115946155187059510", "content": "", "creation_timestamp": "2026-01-23T19:52:05.412185Z"}, {"uuid": "d92e0cdc-bc74-4ef1-b9b4-985ad22ba343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3md4lxpffnl2i", "content": "", "creation_timestamp": "2026-01-23T21:03:01.291857Z"}, {"uuid": "cdde5800-0804-4db8-910c-dbc154e8c65f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/30741", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1a\u9488\u5bf9CVE-2025-30208\u548cCVE-2025-31125\u7684\u6f0f\u6d1e\u5229\u7528\nURL\uff1ahttps://github.com/jackieya/ViteVulScan\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-09T13:33:30.000000Z"}, {"uuid": "107ee758-1f71-4649-a6d4-cd2151670c37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/43915", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aThis PoC for CVE-2025-48799 demonstrates an elevation of privilege vulnerability in Windows Update service, affecting Windows 10 and 11. \ud83d\udc31\ud83d\udcbb\ud83d\udd12\nURL\uff1ahttps://github.com/harshgupptaa/Path-Transversal-CVE-2025-31125-\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-07-13T16:49:58.000000Z"}, {"uuid": "8157c5cc-d480-42c6-80cf-398c9eec3688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "https://t.me/realcodeb0ss/27", "content": "", "creation_timestamp": "2025-05-03T13:01:51.000000Z"}, {"uuid": "9b252713-f349-468f-822b-40d547d0ceb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "Telegram/l-RUKEq1u5JC4p5gtwKJVjQtOGsljXG_cScAzYuNwcOFMHM", "content": "", "creation_timestamp": "2025-04-02T01:00:08.000000Z"}, {"uuid": "40e1a760-b388-4698-a353-4bcc4593b258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "Telegram/ydZV3BoiWEq9wD76dMe8taztqWE6Uw4d3FCzMsSbTKFnYRs", "content": "", "creation_timestamp": "2025-07-14T03:00:09.000000Z"}, {"uuid": "8cfaf017-c735-4f81-a3ca-c3066fc757f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "Telegram/5XGpncEfRIuewYJEc34aWTFVRwMO65Yc4SMMQva9F06aJhs", "content": "", "creation_timestamp": "2025-07-13T21:00:04.000000Z"}, {"uuid": "46ac277f-1048-4426-94dd-96c0c321eea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "https://t.me/testibiskuat/537", "content": "\ud83d\udea8 Exploit CVE-2025-31125 untuk Vite.js Dev Server\n\nRepo ini adalah Proof of Concept (PoC) eksploitasi kerentanan path traversal pada development server Vite.js.\nMelalui endpoint @fs, penyerang bisa membaca file sensitif dari server seperti /etc/passwd, asalkan server Vite dijalankan dengan opsi --host terbuka (misalnya saat testing di jaringan publik).\n\n\u26a0\ufe0f Tujuan:\nMembuktikan bahwa versi lama Vite.js rentan terhadap path traversal via URL, sehingga bisa dieksploitasi untuk mencuri file internal.\n\n\u203c\ufe0f Kerentanan ini tidak memungkinkan eksekusi kode, tapi sangat berbahaya karena bisa bocorkan konfigurasi, kredensial, atau source code.\n\n\u2714\ufe0fSudah diperbaiki di versi:\n\n6.2.4+\n\n6.1.3+\n\n6.0.13+\n\n5.4.16+\n\n4.5.11+\n\n\ud83d\udca1Solusi:\nSegera upgrade Vite, dan jangan expose dev server ke internet.\n\n\ud83d\udd17 GitHub: https://github.com/MuhammadWaseem29/Vitejs-exploit", "creation_timestamp": "2025-06-17T15:50:19.000000Z"}, {"uuid": "d3adb6de-cef8-4779-bc96-e6f2898166ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "seen", "source": "https://t.me/cvedetector/21633", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31125 - Vite File Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31125 \nPublished : March 31, 2025, 5:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T21:43:14.000000Z"}, {"uuid": "a63c0d52-1ab9-4f7b-a14f-d23303fc7329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "Telegram/r84uk1c1f1koqzztiTdxByQ9BLtYAaDiWUWNZ6l_8-95JYw", "content": "", "creation_timestamp": "2025-05-07T17:00:13.000000Z"}, {"uuid": "de7eb681-ea98-40ea-864f-3036b463e554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31125", "type": "published-proof-of-concept", "source": "Telegram/N8uq1Jx0g0gbfuBCg8wzq4C3UqiEx5PBm4E8_nw5MDhPdA4", "content": "", "creation_timestamp": "2025-04-01T23:00:05.000000Z"}]}