CVE-2025-68155 | vitejs vite-plugin-react up to 0.5.7 React Server __vite_rsc_findSourceMapURL filename path traversal (GHSA-g239-q96q-x4qm)

A vulnerability classified as critical has been found in vitejs vite-plugin-react up to 0.5.7. Affected by this issue is the function __vite_rsc_findSourceMapURL of the component React Server Component. Performing manipulation of the argument filename results in path traversal.

This vulnerability is cataloged as CVE-2025-68155. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More