CVE-2025-67489 | vitejs vite-plugin-react up to 0.5.5 loadserverAction/decodeReply/decodeAction code injection (GHSA-j76j-5p5g-9wfr)

Inserito da Angelo Barbosa | Dic 10, 2025 | CVE

A vulnerability was found in vitejs vite-plugin-react up to 0.5.5. It has been classified as critical. This issue affects the function loadserverAction/decodeReply/decodeAction. This manipulation causes code injection.

This vulnerability is registered as CVE-2025-67489. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.

CVE-2025-67489 | vitejs vite-plugin-react up to 0.5.5 loadserverAction/decodeReply/decodeAction code injection (GHSA-j76j-5p5g-9wfr)

Post correlati

CVE-2025-5344 | Bluebird com.bluebird.kiosk.launcher up to 1.1.1 improper export of android application components

CVE-2024-31283 | zorem Advanced Local Pickup for WooCommerce Plugin up to 1.6.2 on WordPress authorization

CVE-2024-43048 | Qualcomm Snapdragon Auto up to WSA8845H GPU Headroom API Call stack-based overflow

CVE-2025-27465 | Xen 4.17.x/4.18.x Flags Recovery denial of service