Vulnerability Database

308,926

Total vulnerabilities in the database

CVE-2025-57753

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2.

Published: Aug 21, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-57753
GHSA: GHSA-pp7p-q8fx-2968
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
vite-plugin-static-copy	3.0.0	3.1.2
vite-plugin-static-copy	0.4.3	2.3.2

https://github.com/sapphi-red/vite-plugin-static-copy/commit/0bc6b49ed72b46eecfc9682045f4b46a19694969
https://github.com/sapphi-red/vite-plugin-static-copy/commit/4627afb8582083eab733881d3d974e1c1f23997d
https://github.com/sapphi-red/vite-plugin-static-copy/releases/tag/vite-plugin-static-copy%402.3.2
https://github.com/sapphi-red/vite-plugin-static-copy/releases/tag/vite-plugin-static-copy%403.1.2
https://github.com/sapphi-red/vite-plugin-static-copy/security/advisories/GHSA-pp7p-q8fx-2968

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo