CVE-2025-67489 | vitejs vite-plugin-react up to 0.5.5 loadserverAction/decodeReply/decodeAction code injection (GHSA-j76j-5p5g-9wfr)

Inserito da Angelo Barbosa | Dic 10, 2025 | CVE

A vulnerability was found in vitejs vite-plugin-react up to 0.5.5. It has been classified as critical. This issue affects the function loadserverAction/decodeReply/decodeAction. This manipulation causes code injection.

This vulnerability is registered as CVE-2025-67489. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.

CVE-2025-67489 | vitejs vite-plugin-react up to 0.5.5 loadserverAction/decodeReply/decodeAction code injection (GHSA-j76j-5p5g-9wfr)

Post correlati

CVE-2025-8176 | LibTIFF up to 4.7.0 tools/tiffmedian.c get_histogram use after free (Issue 707)

CVE-2025-57069 | Tenda G3 15.11.0.17 getsinglepppuser pPppUser stack-based overflow

CVE-2024-31081 | X.org X11 Server up to 21.1.11 ProcXIPassiveGrabDevice heap-based overflow

CVE-2024-28752 | Apache CXF up to 3.5.7/3.6.2/4.0.3 Aegis Databinding server-side request forgery