Medium severityOSV Advisory· Published Aug 21, 2025· Updated Jun 17, 2026
CVE-2025-57753
CVE-2025-57753
Description
vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
vite-plugin-static-copynpm | >= 3.0.0, < 3.1.2 | 3.1.2 |
vite-plugin-static-copynpm | >= 0.4.3, < 2.3.2 | 2.3.2 |
Affected products
2- Range: v0.10.0, v0.11.0, v0.11.1, …
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-pp7p-q8fx-2968ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-57753ghsaADVISORY
- github.com/sapphi-red/vite-plugin-static-copy/commit/0bc6b49ed72b46eecfc9682045f4b46a19694969ghsaWEB
- github.com/sapphi-red/vite-plugin-static-copy/commit/4627afb8582083eab733881d3d974e1c1f23997dghsaWEB
- github.com/sapphi-red/vite-plugin-static-copy/releases/tag/vite-plugin-static-copy%402.3.2ghsaWEB
- github.com/sapphi-red/vite-plugin-static-copy/releases/tag/vite-plugin-static-copy%403.1.2ghsaWEB
- github.com/sapphi-red/vite-plugin-static-copy/security/advisories/GHSA-pp7p-q8fx-2968nvdWEB
News mentions
0No linked articles in our index yet.