{ "document": { "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "National Cyber Security Centre", "namespace": "https://www.ncsc.nl/" }, "title": "CVE-2025-58751", "tracking": { "current_release_date": "2026-05-21T16:23:44.703657Z", "generator": { "date": "2026-02-17T15:00:00Z", "engine": { "name": "V.E.L.M.A", "version": "1.7" } }, "id": "CVE-2025-58751", "initial_release_date": "2025-09-08T23:24:54.349475Z", "revision_history": [ { "date": "2025-09-08T23:24:54.349475Z", "number": "1", "summary": "CVE created.| Source created.| Description created for source.| CVSS created.| References created (6).| CWES updated (1)." }, { "date": "2025-09-08T23:24:58.475636Z", "number": "2", "summary": "NCSC Score created." }, { "date": "2025-09-08T23:38:40.929187Z", "number": "3", "summary": "Source created.| Description created for source.| CVSS created.| Products connected (4).| References created (6).| CWES updated (1)." }, { "date": "2025-09-08T23:38:46.797834Z", "number": "4", "summary": "NCSC Score updated." }, { "date": "2025-09-09T07:34:46.052654Z", "number": "5", "summary": "NCSC Score updated." }, { "date": "2025-09-09T16:35:48.838871Z", "number": "6", "summary": "Source created.| EPSS created." }, { "date": "2025-09-09T21:39:32.533426Z", "number": "7", "summary": "Source created.| Description created for source.| CVSS created.| References created (8).| CWES updated (1)." }, { "date": "2025-09-09T21:39:36.066007Z", "number": "8", "summary": "NCSC Score updated." }, { "date": "2025-09-15T14:36:09.103923Z", "number": "9", "summary": "NCSC Score updated." }, { "date": "2025-09-17T16:25:43.100382Z", "number": "10", "summary": "CVSS created.| Products connected (4).| Product Identifiers created (4).| Exploits created (1)." }, { "date": "2025-09-17T16:25:49.508382Z", "number": "11", "summary": "NCSC Score updated." }, { "date": "2025-09-23T06:45:46.023377Z", "number": "12", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1034).| Products connected (674).| References created (6)." }, { "date": "2025-09-23T06:47:00.017481Z", "number": "13", "summary": "NCSC Score updated." }, { "date": "2025-10-02T20:24:20.527036Z", "number": "14", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (4).| References created (7).| CWES updated (1)." }, { "date": "2025-10-02T20:24:25.707444Z", "number": "15", "summary": "NCSC Score updated." }, { "date": "2025-10-13T15:20:58.564270Z", "number": "16", "summary": "EPSS updated." }, { "date": "2025-10-13T15:21:02.307844Z", "number": "17", "summary": "NCSC Score updated." }, { "date": "2025-10-16T06:53:43.836790Z", "number": "18", "summary": "CVSS created.| Products removed (918)." }, { "date": "2025-10-16T06:56:29.392073Z", "number": "19", "summary": "NCSC Score updated." }, { "date": "2025-10-17T14:15:56.730716Z", "number": "20", "summary": "EPSS updated." }, { "date": "2025-10-17T14:16:07.369447Z", "number": "21", "summary": "NCSC Score updated." }, { "date": "2025-10-20T15:13:16.566047Z", "number": "22", "summary": "EPSS updated." }, { "date": "2025-10-20T15:13:25.681794Z", "number": "23", "summary": "NCSC Score updated." }, { "date": "2025-10-25T17:29:57.268462Z", "number": "24", "summary": "Products connected (70).| CWES updated (1)." }, { "date": "2025-10-25T17:30:35.925618Z", "number": "25", "summary": "NCSC Score updated." }, { "date": "2025-11-03T16:19:57.138616Z", "number": "26", "summary": "EPSS updated." }, { "date": "2025-11-03T16:20:02.552381Z", "number": "27", "summary": "NCSC Score updated." }, { "date": "2025-11-04T18:04:43.289859Z", "number": "28", "summary": "EPSS updated." }, { "date": "2025-11-04T18:04:52.860247Z", "number": "29", "summary": "NCSC Score updated." }, { "date": "2025-11-18T14:22:03.264638Z", "number": "30", "summary": "EPSS updated." }, { "date": "2025-11-18T14:22:08.696082Z", "number": "31", "summary": "NCSC Score updated." }, { "date": "2025-11-21T14:49:19.564389Z", "number": "32", "summary": "EPSS updated." }, { "date": "2025-11-21T14:49:21.658414Z", "number": "33", "summary": "NCSC Score updated." }, { "date": "2025-12-05T20:00:36.738390Z", "number": "34", "summary": "References created (2)." }, { "date": "2026-01-08T14:14:01.904924Z", "number": "35", "summary": "EPSS updated." }, { "date": "2026-01-08T14:14:03.557037Z", "number": "36", "summary": "NCSC Score updated." }, { "date": "2026-02-04T14:15:56.933402Z", "number": "37", "summary": "EPSS updated." }, { "date": "2026-02-04T14:15:58.818402Z", "number": "38", "summary": "NCSC Score updated." }, { "date": "2026-02-05T14:15:15.774327Z", "number": "39", "summary": "EPSS updated." }, { "date": "2026-02-05T22:14:38.415419Z", "number": "40", "summary": "Products removed (735)." }, { "date": "2026-02-05T22:14:51.985371Z", "number": "41", "summary": "NCSC Score updated." }, { "date": "2026-02-07T01:34:37.944685Z", "number": "42", "summary": "Products connected (720).| Products removed (55)." }, { "date": "2026-02-07T01:37:04.300211Z", "number": "43", "summary": "NCSC Score updated." }, { "date": "2026-02-07T10:29:06.826450Z", "number": "44", "summary": "Products connected (55).| Products removed (720)." }, { "date": "2026-02-07T14:14:38.144896Z", "number": "45", "summary": "EPSS updated." }, { "date": "2026-02-10T16:36:22.600478Z", "number": "46", "summary": "Products connected (720).| Products removed (55)." }, { "date": "2026-02-10T16:39:49.604155Z", "number": "47", "summary": "NCSC Score updated." }, { "date": "2026-02-13T00:27:01.284036Z", "number": "48", "summary": "Products connected (55).| Products removed (720)." }, { "date": "2026-02-13T00:27:16.302961Z", "number": "49", "summary": "NCSC Score updated." }, { "date": "2026-02-14T17:57:49.096924Z", "number": "50", "summary": "Products connected (720).| Products removed (55)." }, { "date": "2026-02-16T14:28:04.070511Z", "number": "51", "summary": "EPSS updated." }, { "date": "2026-02-18T11:48:23.424791Z", "number": "52", "summary": "Products connected (70)." }, { "date": "2026-02-18T17:46:26.108885Z", "number": "53", "summary": "Products removed (70)." }, { "date": "2026-02-18T17:47:13.835889Z", "number": "54", "summary": "NCSC Score updated." }, { "date": "2026-02-22T12:38:37.236531Z", "number": "55", "summary": "Products connected (70)." }, { "date": "2026-02-24T03:58:22.113934Z", "number": "56", "summary": "Products removed (70)." }, { "date": "2026-02-24T03:59:06.835313Z", "number": "57", "summary": "NCSC Score updated." }, { "date": "2026-02-25T10:17:36.431350Z", "number": "58", "summary": "Products connected (55).| Products removed (720)." }, { "date": "2026-02-25T10:17:49.798985Z", "number": "59", "summary": "NCSC Score updated." }, { "date": "2026-02-26T10:28:01.402894Z", "number": "60", "summary": "Products connected (735)." }, { "date": "2026-02-26T15:21:46.517509Z", "number": "61", "summary": "Products removed (70)." }, { "date": "2026-02-28T10:17:10.488120Z", "number": "62", "summary": "Products connected (70)." }, { "date": "2026-03-01T14:07:15.768581Z", "number": "63", "summary": "Products removed (735)." }, { "date": "2026-03-02T10:03:43.482711Z", "number": "64", "summary": "Products connected (720).| Products removed (55)." }, { "date": "2026-03-03T11:49:34.422931Z", "number": "65", "summary": "Products connected (55).| Products removed (720)." }, { "date": "2026-03-09T12:17:31.954238Z", "number": "66", "summary": "NCSC Score updated." }, { "date": "2026-03-10T12:33:51.002744Z", "number": "67", "summary": "Source connected.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| Product Remediations created (1).| References created (2).| CWES updated (1)." }, { "date": "2026-03-10T12:33:54.414596Z", "number": "68", "summary": "NCSC Score updated." }, { "date": "2026-03-10T12:44:40.245381Z", "number": "69", "summary": "Source connected.| CVE status created. (valid)" }, { "date": "2026-03-11T16:23:34.494721Z", "number": "70", "summary": "EPSS updated." }, { "date": "2026-03-11T16:23:43.483329Z", "number": "71", "summary": "NCSC Score updated." }, { "date": "2026-03-18T17:47:15.846649Z", "number": "72", "summary": "NCSC Score updated." }, { "date": "2026-03-19T20:50:28.542952Z", "number": "73", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-03-19T20:50:31.336753Z", "number": "74", "summary": "NCSC Score updated." }, { "date": "2026-03-20T05:30:35.164013Z", "number": "75", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (4).| Product Identifiers created (4).| Exploits created (1).| References created (6).| CWES updated (1)." }, { "date": "2026-03-20T05:30:38.829662Z", "number": "76", "summary": "NCSC Score updated." }, { "date": "2026-03-28T23:50:24.403059Z", "number": "77", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-03-28T23:50:27.239967Z", "number": "78", "summary": "NCSC Score updated." }, { "date": "2026-05-21T16:22:31.293179Z", "number": "79", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-05-21T16:22:35.996947Z", "number": "80", "summary": "NCSC Score updated." } ], "status": "interim", "version": "80" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:intdot/<4.0.800", "product": { "name": "vers:intdot/<4.0.800", "product_id": "CSAFPID-5771496" } } ], "category": "product_name", "name": "SIDIS Prime" } ], "category": "vendor", "name": "Siemens" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v0.1.0", "product": { "name": "vers:unknown/v0.1.0", "product_id": "CSAFPID-3720518" } }, { "category": "product_version_range", "name": "vers:unknown/v0.1.1", "product": { "name": "vers:unknown/v0.1.1", "product_id": "CSAFPID-3720519" } }, { "category": "product_version_range", "name": "vers:unknown/v0.1.2", "product": { "name": "vers:unknown/v0.1.2", "product_id": "CSAFPID-3720520" } }, { "category": "product_version_range", "name": "vers:unknown/v0.1.3", "product": { "name": "vers:unknown/v0.1.3", "product_id": "CSAFPID-3720521" } }, { "category": "product_version_range", "name": "vers:unknown/v0.1.4", "product": { "name": "vers:unknown/v0.1.4", "product_id": "CSAFPID-3720522" } }, { "category": "product_version_range", "name": "vers:unknown/v0.1.5", "product": { "name": "vers:unknown/v0.1.5", "product_id": "CSAFPID-3720523" } }, { "category": "product_version_range", "name": "vers:unknown/v0.2.0", "product": { "name": "vers:unknown/v0.2.0", "product_id": "CSAFPID-3720524" } }, { "category": "product_version_range", "name": "vers:unknown/v0.2.1", "product": { "name": "vers:unknown/v0.2.1", "product_id": "CSAFPID-3720525" } }, { "category": "product_version_range", "name": "vers:unknown/v0.2.2", "product": { "name": "vers:unknown/v0.2.2", "product_id": "CSAFPID-3720526" } }, { "category": "product_version_range", "name": "vers:unknown/v0.2.3", "product": { "name": "vers:unknown/v0.2.3", "product_id": "CSAFPID-3720527" } }, { "category": "product_version_range", "name": "vers:unknown/v0.2.4", "product": { "name": "vers:unknown/v0.2.4", "product_id": "CSAFPID-3720528" } }, { "category": "product_version_range", "name": "vers:unknown/v0.2.5", "product": { "name": "vers:unknown/v0.2.5", "product_id": "CSAFPID-3720529" } }, { "category": "product_version_range", "name": "vers:unknown/v0.3.0", "product": { "name": "vers:unknown/v0.3.0", "product_id": "CSAFPID-3720530" } }, { "category": "product_version_range", "name": "vers:unknown/v0.3.1", "product": { "name": "vers:unknown/v0.3.1", "product_id": "CSAFPID-3720531" } }, { "category": "product_version_range", "name": "vers:unknown/v0.3.2", "product": { "name": "vers:unknown/v0.3.2", "product_id": "CSAFPID-3720532" } }, { "category": "product_version_range", "name": "vers:unknown/v0.4.0", "product": { "name": "vers:unknown/v0.4.0", "product_id": "CSAFPID-3720533" } }, { "category": "product_version_range", "name": "vers:unknown/v0.4.1", "product": { "name": "vers:unknown/v0.4.1", "product_id": "CSAFPID-3720534" } }, { "category": "product_version_range", "name": "vers:unknown/v0.4.2", "product": { "name": "vers:unknown/v0.4.2", "product_id": "CSAFPID-3720535" } }, { "category": "product_version_range", "name": "vers:unknown/v0.4.3", "product": { "name": "vers:unknown/v0.4.3", "product_id": "CSAFPID-3720536" } }, { "category": "product_version_range", "name": "vers:unknown/v0.4.4", "product": { "name": "vers:unknown/v0.4.4", "product_id": "CSAFPID-3720537" } }, { "category": "product_version_range", "name": "vers:unknown/v0.4.5", "product": { "name": "vers:unknown/v0.4.5", "product_id": "CSAFPID-3720538" } }, { "category": "product_version_range", "name": "vers:unknown/v0.4.6", "product": { "name": "vers:unknown/v0.4.6", "product_id": "CSAFPID-3720539" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.0", "product": { "name": "vers:unknown/v1.0.0", "product_id": "CSAFPID-3720540" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.1", "product": { "name": "vers:unknown/v1.0.1", "product_id": "CSAFPID-3720549" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.10", "product": { "name": "vers:unknown/v1.0.10", "product_id": "CSAFPID-3720550" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.11", "product": { "name": "vers:unknown/v1.0.11", "product_id": "CSAFPID-3720551" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.12", "product": { "name": "vers:unknown/v1.0.12", "product_id": "CSAFPID-3720552" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.13", "product": { "name": "vers:unknown/v1.0.13", "product_id": "CSAFPID-3720553" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.14", "product": { "name": "vers:unknown/v1.0.14", "product_id": "CSAFPID-3720554" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.15", "product": { "name": "vers:unknown/v1.0.15", "product_id": "CSAFPID-3720555" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.16", "product": { "name": "vers:unknown/v1.0.16", "product_id": "CSAFPID-3720556" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.17", "product": { "name": "vers:unknown/v1.0.17", "product_id": "CSAFPID-3720557" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.18", "product": { "name": "vers:unknown/v1.0.18", "product_id": "CSAFPID-3720558" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.19", "product": { "name": "vers:unknown/v1.0.19", "product_id": "CSAFPID-3720559" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.2", "product": { "name": "vers:unknown/v1.0.2", "product_id": "CSAFPID-3720560" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.3", "product": { "name": "vers:unknown/v1.0.3", "product_id": "CSAFPID-3720561" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.4", "product": { "name": "vers:unknown/v1.0.4", "product_id": "CSAFPID-3720562" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.5", "product": { "name": "vers:unknown/v1.0.5", "product_id": "CSAFPID-3720563" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.6", "product": { "name": "vers:unknown/v1.0.6", "product_id": "CSAFPID-3720564" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.7", "product": { "name": "vers:unknown/v1.0.7", "product_id": "CSAFPID-3720565" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.8", "product": { "name": "vers:unknown/v1.0.8", "product_id": "CSAFPID-3720566" } }, { "category": "product_version_range", "name": "vers:unknown/v1.0.9", "product": { "name": "vers:unknown/v1.0.9", "product_id": "CSAFPID-3720567" } }, { "category": "product_version_range", "name": "vers:unknown/v2.0.0", "product": { "name": "vers:unknown/v2.0.0", "product_id": "CSAFPID-3720568" } }, { "category": "product_version_range", "name": "vers:unknown/v2.0.2", "product": { "name": "vers:unknown/v2.0.2", "product_id": "CSAFPID-3720644" } }, { "category": "product_version_range", "name": "vers:unknown/v2.0.3", "product": { "name": "vers:unknown/v2.0.3", "product_id": "CSAFPID-3720645" } }, { "category": "product_version_range", "name": "vers:unknown/v2.0.4", "product": { "name": "vers:unknown/v2.0.4", "product_id": "CSAFPID-3720646" } }, { "category": "product_version_range", "name": "vers:unknown/v3.0.0", "product": { "name": "vers:unknown/v3.0.0", "product_id": "CSAFPID-3720766" } }, { "category": "product_version_range", "name": "vers:unknown/v3.0.1", "product": { "name": "vers:unknown/v3.0.1", "product_id": "CSAFPID-3720793" } } ], "category": "product_name", "name": "sirv" } ], "category": "vendor", "name": "lukeed" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/<5.4.20", "product": { "name": "vers:unknown/<5.4.20", "product_id": "CSAFPID-3103287", "product_identification_helper": { "cpe": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/>=0|<5.4.20", "product": { "name": "vers:unknown/>=0|<5.4.20", "product_id": "CSAFPID-4957542" } }, { "category": "product_version_range", "name": "vers:unknown/>=6.0.0|<6.3.6", "product": { "name": "vers:unknown/>=6.0.0|<6.3.6", "product_id": "CSAFPID-3103288", "product_identification_helper": { "cpe": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/>=7.0.0|<7.0.7", "product": { "name": "vers:unknown/>=7.0.0|<7.0.7", "product_id": "CSAFPID-3103289", "product_identification_helper": { "cpe": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/>=7.1.0|<7.1.5", "product": { "name": "vers:unknown/>=7.1.0|<7.1.5", "product_id": "CSAFPID-3103290", "product_identification_helper": { "cpe": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.0.0", "product": { "name": "vers:unknown/create-vite@6.0.0", "product_id": "CSAFPID-3721046" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.0.1", "product": { "name": "vers:unknown/create-vite@6.0.1", "product_id": "CSAFPID-3721047" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.1.0", "product": { "name": "vers:unknown/create-vite@6.1.0", "product_id": "CSAFPID-3721048" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.1.1", "product": { "name": "vers:unknown/create-vite@6.1.1", "product_id": "CSAFPID-3721049" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.2.0", "product": { "name": "vers:unknown/create-vite@6.2.0", "product_id": "CSAFPID-3721050" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.2.1", "product": { "name": "vers:unknown/create-vite@6.2.1", "product_id": "CSAFPID-3721051" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.3.0", "product": { "name": "vers:unknown/create-vite@6.3.0", "product_id": "CSAFPID-3721052" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.3.1", "product": { "name": "vers:unknown/create-vite@6.3.1", "product_id": "CSAFPID-3721053" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.4.0", "product": { "name": "vers:unknown/create-vite@6.4.0", "product_id": "CSAFPID-3721054" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.4.1", "product": { "name": "vers:unknown/create-vite@6.4.1", "product_id": "CSAFPID-3721055" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@6.5.0", "product": { "name": "vers:unknown/create-vite@6.5.0", "product_id": "CSAFPID-3721056" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@7.0.0", "product": { "name": "vers:unknown/create-vite@7.0.0", "product_id": "CSAFPID-3721057" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@7.0.1", "product": { "name": "vers:unknown/create-vite@7.0.1", "product_id": "CSAFPID-3721058" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@7.0.2", "product": { "name": "vers:unknown/create-vite@7.0.2", "product_id": "CSAFPID-3721059" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@7.0.3", "product": { "name": "vers:unknown/create-vite@7.0.3", "product_id": "CSAFPID-3721060" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@7.1.0", "product": { "name": "vers:unknown/create-vite@7.1.0", "product_id": "CSAFPID-3721061" } }, { "category": "product_version_range", "name": "vers:unknown/create-vite@7.1.1", "product": { "name": "vers:unknown/create-vite@7.1.1", "product_id": "CSAFPID-3721062" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@6.0.0", "product": { "name": "vers:unknown/plugin-legacy@6.0.0", "product_id": "CSAFPID-3721067" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@6.0.1", "product": { "name": "vers:unknown/plugin-legacy@6.0.1", "product_id": "CSAFPID-3721068" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@6.0.2", "product": { "name": "vers:unknown/plugin-legacy@6.0.2", "product_id": "CSAFPID-3721069" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@6.1.0", "product": { "name": "vers:unknown/plugin-legacy@6.1.0", "product_id": "CSAFPID-3721070" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@6.1.1", "product": { "name": "vers:unknown/plugin-legacy@6.1.1", "product_id": "CSAFPID-3721071" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@7.0.0", "product": { "name": "vers:unknown/plugin-legacy@7.0.0", "product_id": "CSAFPID-3721072" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@7.0.0-beta.0", "product": { "name": "vers:unknown/plugin-legacy@7.0.0-beta.0", "product_id": "CSAFPID-3721073" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@7.0.0-beta.1", "product": { "name": "vers:unknown/plugin-legacy@7.0.0-beta.1", "product_id": "CSAFPID-3721074" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@7.0.1", "product": { "name": "vers:unknown/plugin-legacy@7.0.1", "product_id": "CSAFPID-3721075" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@7.1.0", "product": { "name": "vers:unknown/plugin-legacy@7.1.0", "product_id": "CSAFPID-3721076" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@7.2.0", "product": { "name": "vers:unknown/plugin-legacy@7.2.0", "product_id": "CSAFPID-3721077" } }, { "category": "product_version_range", "name": "vers:unknown/plugin-legacy@7.2.1", "product": { "name": "vers:unknown/plugin-legacy@7.2.1", "product_id": "CSAFPID-3721078" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.0", "product": { "name": "vers:unknown/v6.0.0", "product_id": "CSAFPID-3721159" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.1", "product": { "name": "vers:unknown/v6.0.1", "product_id": "CSAFPID-3721171" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.10", "product": { "name": "vers:unknown/v6.0.10", "product_id": "CSAFPID-3721172" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.11", "product": { "name": "vers:unknown/v6.0.11", "product_id": "CSAFPID-3721173" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.2", "product": { "name": "vers:unknown/v6.0.2", "product_id": "CSAFPID-3721174" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.3", "product": { "name": "vers:unknown/v6.0.3", "product_id": "CSAFPID-3721175" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.4", "product": { "name": "vers:unknown/v6.0.4", "product_id": "CSAFPID-3721176" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.5", "product": { "name": "vers:unknown/v6.0.5", "product_id": "CSAFPID-3721177" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.6", "product": { "name": "vers:unknown/v6.0.6", "product_id": "CSAFPID-3721178" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.7", "product": { "name": "vers:unknown/v6.0.7", "product_id": "CSAFPID-3721179" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.8", "product": { "name": "vers:unknown/v6.0.8", "product_id": "CSAFPID-3721180" } }, { "category": "product_version_range", "name": "vers:unknown/v6.0.9", "product": { "name": "vers:unknown/v6.0.9", "product_id": "CSAFPID-3721181" } }, { "category": "product_version_range", "name": "vers:unknown/v6.1.0", "product": { "name": "vers:unknown/v6.1.0", "product_id": "CSAFPID-3721182" } }, { "category": "product_version_range", "name": "vers:unknown/v6.1.0-beta.0", "product": { "name": "vers:unknown/v6.1.0-beta.0", "product_id": "CSAFPID-3721183" } }, { "category": "product_version_range", "name": "vers:unknown/v6.1.0-beta.1", "product": { "name": "vers:unknown/v6.1.0-beta.1", "product_id": "CSAFPID-3721184" } }, { "category": "product_version_range", "name": "vers:unknown/v6.1.0-beta.2", "product": { "name": "vers:unknown/v6.1.0-beta.2", "product_id": "CSAFPID-3721185" } }, { "category": "product_version_range", "name": "vers:unknown/v6.1.1", "product": { "name": "vers:unknown/v6.1.1", "product_id": "CSAFPID-3721186" } }, { "category": "product_version_range", "name": "vers:unknown/v6.2.0", "product": { "name": "vers:unknown/v6.2.0", "product_id": "CSAFPID-3721187" } }, { "category": "product_version_range", "name": "vers:unknown/v6.2.0-beta.0", "product": { "name": "vers:unknown/v6.2.0-beta.0", "product_id": "CSAFPID-3721188" } }, { "category": "product_version_range", "name": "vers:unknown/v6.2.0-beta.1", "product": { "name": "vers:unknown/v6.2.0-beta.1", "product_id": "CSAFPID-3721189" } }, { "category": "product_version_range", "name": "vers:unknown/v6.2.1", "product": { "name": "vers:unknown/v6.2.1", "product_id": "CSAFPID-3721190" } }, { "category": "product_version_range", "name": "vers:unknown/v6.2.2", "product": { "name": "vers:unknown/v6.2.2", "product_id": "CSAFPID-3721191" } }, { "category": "product_version_range", "name": "vers:unknown/v6.3.0", "product": { "name": "vers:unknown/v6.3.0", "product_id": "CSAFPID-3721192" } }, { "category": "product_version_range", "name": "vers:unknown/v6.3.0-beta.0", "product": { "name": "vers:unknown/v6.3.0-beta.0", "product_id": "CSAFPID-3721193" } }, { "category": "product_version_range", "name": "vers:unknown/v6.3.0-beta.1", "product": { "name": "vers:unknown/v6.3.0-beta.1", "product_id": "CSAFPID-3721194" } }, { "category": "product_version_range", "name": "vers:unknown/v6.3.0-beta.2", "product": { "name": "vers:unknown/v6.3.0-beta.2", "product_id": "CSAFPID-3721195" } }, { "category": "product_version_range", "name": "vers:unknown/v6.3.1", "product": { "name": "vers:unknown/v6.3.1", "product_id": "CSAFPID-3721196" } }, { "category": "product_version_range", "name": "vers:unknown/v6.3.2", "product": { "name": "vers:unknown/v6.3.2", "product_id": "CSAFPID-3721197" } }, { "category": "product_version_range", "name": "vers:unknown/v6.3.3", "product": { "name": "vers:unknown/v6.3.3", "product_id": "CSAFPID-3721198" } }, { "category": "product_version_range", "name": "vers:unknown/v6.3.4", "product": { "name": "vers:unknown/v6.3.4", "product_id": "CSAFPID-3721199" } }, { "category": "product_version_range", "name": "vers:unknown/v6.3.5", "product": { "name": "vers:unknown/v6.3.5", "product_id": "CSAFPID-3721200" } }, { "category": "product_version_range", "name": "vers:unknown/v7.0.0", "product": { "name": "vers:unknown/v7.0.0", "product_id": "CSAFPID-3721201" } }, { "category": "product_version_range", "name": "vers:unknown/v7.0.0-beta.0", "product": { "name": "vers:unknown/v7.0.0-beta.0", "product_id": "CSAFPID-3721202" } }, { "category": "product_version_range", "name": "vers:unknown/v7.0.0-beta.1", "product": { "name": "vers:unknown/v7.0.0-beta.1", "product_id": "CSAFPID-3721203" } }, { "category": "product_version_range", "name": "vers:unknown/v7.0.0-beta.2", "product": { "name": "vers:unknown/v7.0.0-beta.2", "product_id": "CSAFPID-3721204" } }, { "category": "product_version_range", "name": "vers:unknown/v7.0.1", "product": { "name": "vers:unknown/v7.0.1", "product_id": "CSAFPID-3721205" } }, { "category": "product_version_range", "name": "vers:unknown/v7.0.2", "product": { "name": "vers:unknown/v7.0.2", "product_id": "CSAFPID-3721206" } }, { "category": "product_version_range", "name": "vers:unknown/v7.0.3", "product": { "name": "vers:unknown/v7.0.3", "product_id": "CSAFPID-3721207" } }, { "category": "product_version_range", "name": "vers:unknown/v7.0.4", "product": { "name": "vers:unknown/v7.0.4", "product_id": "CSAFPID-3721208" } }, { "category": "product_version_range", "name": "vers:unknown/v7.0.5", "product": { "name": "vers:unknown/v7.0.5", "product_id": "CSAFPID-3721209" } }, { "category": "product_version_range", "name": "vers:unknown/v7.0.6", "product": { "name": "vers:unknown/v7.0.6", "product_id": "CSAFPID-3721210" } }, { "category": "product_version_range", "name": "vers:unknown/v7.1.0", "product": { "name": "vers:unknown/v7.1.0", "product_id": "CSAFPID-3721211" } }, { "category": "product_version_range", "name": "vers:unknown/v7.1.0-beta.0", "product": { "name": "vers:unknown/v7.1.0-beta.0", "product_id": "CSAFPID-3721212" } }, { "category": "product_version_range", "name": "vers:unknown/v7.1.0-beta.1", "product": { "name": "vers:unknown/v7.1.0-beta.1", "product_id": "CSAFPID-3721213" } }, { "category": "product_version_range", "name": "vers:unknown/v7.1.1", "product": { "name": "vers:unknown/v7.1.1", "product_id": "CSAFPID-3721214" } }, { "category": "product_version_range", "name": "vers:unknown/v7.1.2", "product": { "name": "vers:unknown/v7.1.2", "product_id": "CSAFPID-3721215" } }, { "category": "product_version_range", "name": "vers:unknown/v7.1.3", "product": { "name": "vers:unknown/v7.1.3", "product_id": "CSAFPID-3721216" } }, { "category": "product_version_range", "name": "vers:unknown/v7.1.4", "product": { "name": "vers:unknown/v7.1.4", "product_id": "CSAFPID-3721217" } } ], "category": "product_name", "name": "vite" } ], "category": "vendor", "name": "vitejs" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-58751", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }, "notes": [ { "category": "description", "text": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.", "title": "nvd - https://nvd.nist.gov/vuln/detail/CVE-2025-58751" }, { "category": "description", "text": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.", "title": "cveprojectv5 - https://www.cve.org/CVERecord?id=CVE-2025-58751" }, { "category": "description", "text": "### Summary\nFiles starting with the same name with the public directory were served bypassing the `server.fs` settings.\n\n### Impact\nOnly apps that match the following conditions are affected:\n\n- explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host))\n- uses [the public directory feature](https://vite.dev/guide/assets.html#the-public-directory) (enabled by default)\n- a symlink exists in the public directory\n\n### Details\nThe [servePublicMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L79) function is in charge of serving public files from the server. It returns the [viteServePublicMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L106) function which runs the needed tests and serves the page. The viteServePublicMiddleware function [checks if the publicFiles variable is defined](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L111), and then uses it to determine if the requested page is public. In the case that the publicFiles is undefined, the code will treat the requested page as a public page, and go on with the serving function. [publicFiles may be undefined if there is a symbolic link anywhere inside the public directory](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/publicDir.ts#L21). In that case, every requested page will be passed to the public serving function. The serving function is based on the [sirv](https://github.com/lukeed/sirv) library. Vite patches the library to add the possibility to test loading access to pages, but when the public page middleware [disables this functionality](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L89) since public pages are meant to be available always, regardless of whether they are in the allow or deny list.\n\nIn the case of public pages, the serving function is [provided with the path to the public directory](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L85) as a root directory. The code of the sirv library [uses the join function to get the full path to the requested file](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L42). For example, if the public directory is \"/www/public\", and the requested file is \"myfile\", the code will join them to the string \"/www/public/myfile\". The code will then pass this string to the normalize function. Afterwards, the code will [use the string's startsWith function](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L43) to determine whether the created path is within the given directory or not. Only if it is, it will be served.\n\nSince [sirv trims the trailing slash of the public directory](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L119), the string's startsWith function may return true even if the created path is not within the public directory. For example, if the server's root is at \"/www\", and the public directory is at \"/www/p\", if the created path will be \"/www/private.txt\", the startsWith function will still return true, because the string \"/www/private.txt\" starts with  \"/www/p\". To achieve this, the attacker will use \"..\" to ask for the file \"../private.txt\". The code will then join it to the \"/www/p\" string, and will receive \"/www/p/../private.txt\". Then, the normalize function will return \"/www/private.txt\", which will then be passed to the startsWith function, which will return true, and the processing of the page will continue without checking the deny list (since this is the public directory middleware which doesn't check that).\n\n### PoC\nExecute the following shell commands:\n\n```\nnpm create vite@latest\ncd vite-project/\nmkdir p\ncd p\nln -s a b\ncd ..\necho 'import path from \"node:path\"; import { defineConfig } from \"vite\"; export default defineConfig({publicDir: path.resolve(__dirname, \"p/\"), server: {fs: {deny: [path.resolve(__dirname, \"private.txt\")]}}})' > vite.config.js\necho \"secret\" > private.txt\nnpm install\nnpm run dev\n```\n\nThen, in a different shell, run the following command:\n\n`curl -v --path-as-is 'http://localhost:5173/private.txt'`\n\nYou will receive a 403 HTTP Response,  because private.txt is denied.\n\nNow in the same shell run the following command:\n\n`curl -v --path-as-is 'http://localhost:5173/../private.txt'`\n\nYou will receive the contents of private.txt.\n\n### Related links\n- https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb", "title": "github - https://github.com/advisories/GHSA-g4jq-h2w9-997c" }, { "category": "description", "text": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2025-58751.json?alt=media" }, { "category": "description", "text": "### Summary\nFiles starting with the same name with the public directory were served bypassing the `server.fs` settings.\n\n### Impact\nOnly apps that match the following conditions are affected:\n\n- explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host))\n- uses [the public directory feature](https://vite.dev/guide/assets.html#the-public-directory) (enabled by default)\n- a symlink exists in the public directory\n\n### Details\nThe [servePublicMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L79) function is in charge of serving public files from the server. It returns the [viteServePublicMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L106) function which runs the needed tests and serves the page. The viteServePublicMiddleware function [checks if the publicFiles variable is defined](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L111), and then uses it to determine if the requested page is public. In the case that the publicFiles is undefined, the code will treat the requested page as a public page, and go on with the serving function. [publicFiles may be undefined if there is a symbolic link anywhere inside the public directory](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/publicDir.ts#L21). In that case, every requested page will be passed to the public serving function. The serving function is based on the [sirv](https://github.com/lukeed/sirv) library. Vite patches the library to add the possibility to test loading access to pages, but when the public page middleware [disables this functionality](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L89) since public pages are meant to be available always, regardless of whether they are in the allow or deny list.\n\nIn the case of public pages, the serving function is [provided with the path to the public directory](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L85) as a root directory. The code of the sirv library [uses the join function to get the full path to the requested file](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L42). For example, if the public directory is \"/www/public\", and the requested file is \"myfile\", the code will join them to the string \"/www/public/myfile\". The code will then pass this string to the normalize function. Afterwards, the code will [use the string's startsWith function](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L43) to determine whether the created path is within the given directory or not. Only if it is, it will be served.\n\nSince [sirv trims the trailing slash of the public directory](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L119), the string's startsWith function may return true even if the created path is not within the public directory. For example, if the server's root is at \"/www\", and the public directory is at \"/www/p\", if the created path will be \"/www/private.txt\", the startsWith function will still return true, because the string \"/www/private.txt\" starts with  \"/www/p\". To achieve this, the attacker will use \"..\" to ask for the file \"../private.txt\". The code will then join it to the \"/www/p\" string, and will receive \"/www/p/../private.txt\". Then, the normalize function will return \"/www/private.txt\", which will then be passed to the startsWith function, which will return true, and the processing of the page will continue without checking the deny list (since this is the public directory middleware which doesn't check that).\n\n### PoC\nExecute the following shell commands:\n\n```\nnpm create vite@latest\ncd vite-project/\nmkdir p\ncd p\nln -s a b\ncd ..\necho 'import path from \"node:path\"; import { defineConfig } from \"vite\"; export default defineConfig({publicDir: path.resolve(__dirname, \"p/\"), server: {fs: {deny: [path.resolve(__dirname, \"private.txt\")]}}})' > vite.config.js\necho \"secret\" > private.txt\nnpm install\nnpm run dev\n```\n\nThen, in a different shell, run the following command:\n\n`curl -v --path-as-is 'http://localhost:5173/private.txt'`\n\nYou will receive a 403 HTTP Response,  because private.txt is denied.\n\nNow in the same shell run the following command:\n\n`curl -v --path-as-is 'http://localhost:5173/../private.txt'`\n\nYou will receive the contents of private.txt.\n\n### Related links\n- https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/npm%2FGHSA-g4jq-h2w9-997c.json?alt=media" }, { "category": "description", "text": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.", "title": "siemens - https://cert-portal.siemens.com/productcert/csaf/ssa-485750.json" }, { "category": "description", "text": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.", "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-58751" }, { "category": "other", "text": "0.01421", "title": "EPSS" }, { "category": "other", "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "title": "CVSSV4" }, { "category": "other", "text": "2.3", "title": "CVSSV4 base score" }, { "category": "other", "text": "6.9", "title": "NCSC Score" }, { "category": "other", "text": "Is related to a product by vendor Siemens, VENDOR FIX as product remediation category, There is cvss data available from source Siemens, There is cwe data available from source Siemens, There is product data available from source Siemens", "title": "NCSC Score top increasing factors" }, { "category": "other", "text": "There is exploit data available from source Nvd", "title": "NCSC Score top decreasing factors" } ], "product_status": { "known_affected": [ "CSAFPID-3103287", "CSAFPID-3103288", "CSAFPID-3103289", "CSAFPID-3103290", "CSAFPID-3721046", "CSAFPID-3721047", "CSAFPID-3721048", "CSAFPID-3721049", "CSAFPID-3721050", "CSAFPID-3721051", "CSAFPID-3721052", "CSAFPID-3721053", "CSAFPID-3721054", "CSAFPID-3721055", "CSAFPID-3721056", "CSAFPID-3721057", "CSAFPID-3721058", "CSAFPID-3721059", "CSAFPID-3721060", "CSAFPID-3721061", "CSAFPID-3721062", "CSAFPID-3721067", "CSAFPID-3721068", "CSAFPID-3721069", "CSAFPID-3721070", "CSAFPID-3721071", "CSAFPID-3721072", "CSAFPID-3721075", "CSAFPID-3721076", "CSAFPID-3721077", "CSAFPID-3721078", "CSAFPID-3721159", "CSAFPID-3721171", "CSAFPID-3721172", "CSAFPID-3721173", "CSAFPID-3721174", "CSAFPID-3721175", "CSAFPID-3721176", "CSAFPID-3721177", "CSAFPID-3721178", "CSAFPID-3721179", "CSAFPID-3721180", "CSAFPID-3721181", "CSAFPID-3721182", "CSAFPID-3721183", "CSAFPID-3721184", "CSAFPID-3721185", "CSAFPID-3721186", "CSAFPID-3721187", "CSAFPID-3721188", "CSAFPID-3721189", "CSAFPID-3721190", "CSAFPID-3721191", "CSAFPID-3721192", "CSAFPID-3721193", "CSAFPID-3721194", "CSAFPID-3721195", "CSAFPID-3721196", "CSAFPID-3721197", "CSAFPID-3721198", "CSAFPID-3721199", "CSAFPID-3721200", "CSAFPID-3721201", "CSAFPID-3721205", "CSAFPID-3721206", "CSAFPID-3721207", "CSAFPID-3721208", "CSAFPID-3721209", "CSAFPID-3721210", "CSAFPID-3721211", "CSAFPID-3721214", "CSAFPID-3721215", "CSAFPID-3721216", "CSAFPID-3721217", "CSAFPID-4957542", "CSAFPID-3720518", "CSAFPID-3720519", "CSAFPID-3720520", "CSAFPID-3720521", "CSAFPID-3720522", "CSAFPID-3720523", "CSAFPID-3720524", "CSAFPID-3720525", "CSAFPID-3720526", "CSAFPID-3720527", "CSAFPID-3720528", "CSAFPID-3720529", "CSAFPID-3720530", "CSAFPID-3720531", "CSAFPID-3720532", "CSAFPID-3720533", "CSAFPID-3720534", "CSAFPID-3720535", "CSAFPID-3720536", "CSAFPID-3720537", "CSAFPID-3720538", "CSAFPID-3720539", "CSAFPID-3720540", "CSAFPID-3720549", "CSAFPID-3720550", "CSAFPID-3720551", "CSAFPID-3720552", "CSAFPID-3720553", "CSAFPID-3720554", "CSAFPID-3720555", "CSAFPID-3720556", "CSAFPID-3720557", "CSAFPID-3720558", "CSAFPID-3720559", "CSAFPID-3720560", "CSAFPID-3720561", "CSAFPID-3720562", "CSAFPID-3720563", "CSAFPID-3720564", "CSAFPID-3720565", "CSAFPID-3720566", "CSAFPID-3720567", "CSAFPID-3720568", "CSAFPID-3720644", "CSAFPID-3720645", "CSAFPID-3720646", "CSAFPID-3720766", "CSAFPID-3720793", "CSAFPID-3721073", "CSAFPID-3721074", "CSAFPID-3721202", "CSAFPID-3721203", "CSAFPID-3721204", "CSAFPID-3721212", "CSAFPID-3721213", "CSAFPID-5771496" ] }, "references": [ { "category": "external", "summary": "Source - nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58751" }, { "category": "external", "summary": "Source raw - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-58751" }, { "category": "external", "summary": "Source - cveprojectv5", "url": "https://www.cve.org/CVERecord?id=CVE-2025-58751" }, { "category": "external", "summary": "Source raw - cveprojectv5", "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/58xxx/CVE-2025-58751.json" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58751" }, { "category": "external", "summary": "Source raw - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Source - github", "url": "https://github.com/advisories/GHSA-g4jq-h2w9-997c" }, { "category": "external", "summary": "Source raw - github", "url": "https://api.github.com/advisories/GHSA-g4jq-h2w9-997c" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2025-58751.json?alt=media" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/npm%2FGHSA-g4jq-h2w9-997c.json?alt=media" }, { "category": "external", "summary": "Source - siemens", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-485750.json" }, { "category": "external", "summary": "Source - ncscclear", "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0079" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=10000" }, { "category": "external", "summary": "Source - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-58751" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=20000" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=30000" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; osv", "url": "https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; osv", "url": "https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; osv", "url": "https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; osv", "url": "https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; osv", "url": "https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; osv", "url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c" }, { "category": "external", "summary": "Reference - github; osv", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58751" }, { "category": "external", "summary": "Reference - github", "url": "https://github.com/advisories/GHSA-g4jq-h2w9-997c" }, { "category": "external", "summary": "Reference - osv", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58751.json" }, { "category": "external", "summary": "Reference - siemens", "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html" }, { "category": "external", "summary": "Reference - siemens", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-485750.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V4.0.800 or later version", "product_ids": [ "CSAFPID-5771496" ] } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-3103287", "CSAFPID-3103288", "CSAFPID-3103289", "CSAFPID-3103290", "CSAFPID-3720518", "CSAFPID-3720519", "CSAFPID-3720520", "CSAFPID-3720521", "CSAFPID-3720522", "CSAFPID-3720523", "CSAFPID-3720524", "CSAFPID-3720525", "CSAFPID-3720526", "CSAFPID-3720527", "CSAFPID-3720528", "CSAFPID-3720529", "CSAFPID-3720530", "CSAFPID-3720531", "CSAFPID-3720532", "CSAFPID-3720533", "CSAFPID-3720534", "CSAFPID-3720535", "CSAFPID-3720536", "CSAFPID-3720537", "CSAFPID-3720538", "CSAFPID-3720539", "CSAFPID-3720540", "CSAFPID-3720549", "CSAFPID-3720550", "CSAFPID-3720551", "CSAFPID-3720552", "CSAFPID-3720553", "CSAFPID-3720554", "CSAFPID-3720555", "CSAFPID-3720556", "CSAFPID-3720557", "CSAFPID-3720558", "CSAFPID-3720559", "CSAFPID-3720560", "CSAFPID-3720561", "CSAFPID-3720562", "CSAFPID-3720563", "CSAFPID-3720564", "CSAFPID-3720565", "CSAFPID-3720566", "CSAFPID-3720567", "CSAFPID-3720568", "CSAFPID-3720644", "CSAFPID-3720645", "CSAFPID-3720646", "CSAFPID-3720766", "CSAFPID-3720793", "CSAFPID-3721046", "CSAFPID-3721047", "CSAFPID-3721048", "CSAFPID-3721049", "CSAFPID-3721050", "CSAFPID-3721051", "CSAFPID-3721052", "CSAFPID-3721053", "CSAFPID-3721054", "CSAFPID-3721055", "CSAFPID-3721056", "CSAFPID-3721057", "CSAFPID-3721058", "CSAFPID-3721059", "CSAFPID-3721060", "CSAFPID-3721061", "CSAFPID-3721062", "CSAFPID-3721067", "CSAFPID-3721068", "CSAFPID-3721069", "CSAFPID-3721070", "CSAFPID-3721071", "CSAFPID-3721072", "CSAFPID-3721073", "CSAFPID-3721074", "CSAFPID-3721075", "CSAFPID-3721076", "CSAFPID-3721077", "CSAFPID-3721078", "CSAFPID-3721159", "CSAFPID-3721171", "CSAFPID-3721172", "CSAFPID-3721173", "CSAFPID-3721174", "CSAFPID-3721175", "CSAFPID-3721176", "CSAFPID-3721177", "CSAFPID-3721178", "CSAFPID-3721179", "CSAFPID-3721180", "CSAFPID-3721181", "CSAFPID-3721182", "CSAFPID-3721183", "CSAFPID-3721184", "CSAFPID-3721185", "CSAFPID-3721186", "CSAFPID-3721187", "CSAFPID-3721188", "CSAFPID-3721189", "CSAFPID-3721190", "CSAFPID-3721191", "CSAFPID-3721192", "CSAFPID-3721193", "CSAFPID-3721194", "CSAFPID-3721195", "CSAFPID-3721196", "CSAFPID-3721197", "CSAFPID-3721198", "CSAFPID-3721199", "CSAFPID-3721200", "CSAFPID-3721201", "CSAFPID-3721202", "CSAFPID-3721203", "CSAFPID-3721204", "CSAFPID-3721205", "CSAFPID-3721206", "CSAFPID-3721207", "CSAFPID-3721208", "CSAFPID-3721209", "CSAFPID-3721210", "CSAFPID-3721211", "CSAFPID-3721212", "CSAFPID-3721213", "CSAFPID-3721214", "CSAFPID-3721215", "CSAFPID-3721216", "CSAFPID-3721217", "CSAFPID-4957542", "CSAFPID-5771496" ] } ], "title": "CVE-2025-58751" } ] }