CVE-2025-30208

This exploit demonstrates an arbitrary file read vulnerability in Vite by appending `?raw` to the URL, bypassing the `@fs` allow list. It tests for the presence of the vulnerability and optionally displays file contents.

This repository contains a Python-based exploit for CVE-2025-30208, an arbitrary file read vulnerability in Vite development servers. The script tests multiple payloads and URLs to confirm the vulnerability by attempting to read sensitive files like /etc/passwd.

This repository contains a Python-based scanner for detecting CVE-2025-30208 and CVE-2025-31125 vulnerabilities in Vite development servers. It supports both automated (FOFA API-based) and manual (CIDR-based) target collection, multi-threaded scanning, and CSV report generation.

This repository contains a functional PoC for CVE-2025-30208, an arbitrary file read vulnerability in Vite's `/@fs/` path traversal due to improper query sanitization. The exploit bypasses `server.fs.allow` checks by crafting malformed query strings, enabling unauthorized file access.

This repository contains a Python-based scanner for detecting CVE-2025-30208 in Vite applications. It supports batch scanning, multithreading, and proxy usage, with results saved to a file.

This repository contains a comprehensive security scanner for CVE-2025-30208, designed to detect vulnerabilities in web applications. The scanner includes multiple modules for payload generation, sensitive file detection, and HTML template analysis.

This PoC exploits CVE-2025-30208, an arbitrary file read vulnerability in Vite's development server. It bypasses access controls by appending `?raw` to URLs, allowing retrieval of arbitrary files from vulnerable servers.

This repository contains a Go-based tool for detecting and exploiting arbitrary file read vulnerabilities in Vite development servers (CVE-2025-30208, CVE-2025-31125, CVE-2025-31486). It includes functionality for batch scanning, integration with FOFA for asset discovery, and deep exploitation to extract sensitive files.

This repository provides a detailed guide and proof-of-concept for exploiting four arbitrary file read vulnerabilities in Vite development servers (CVE-2025-30208, CVE-2025-31125, CVE-2025-31486, CVE-2025-32395). The PoC includes curl commands and a Python scanner to test and exploit these vulnerabilities.

This PoC exploits CVE-2025-30208, a local file inclusion (LFI) vulnerability in Vite dev server. It bypasses access restrictions by appending '?import&raw??' to the URL, allowing arbitrary file reads. The script supports both command-line and interactive modes.

The repository contains three functional PoC scripts for arbitrary file read vulnerabilities in Vite (CVE-2025-30208, CVE-2025-31125, CVE-2025-31486). Each script exploits different URL parameter combinations to bypass access controls and read sensitive files like /etc/passwd or C:/Windows/win.ini.

The repository contains only a README.md file with minimal information and an image link, providing no functional exploit code or technical details about CVE-2025-30208.

This repository contains a comprehensive security scanner for CVE-2025-30208, including multi-language support and various security checks. The main script appears to be a scanner tool with error handling, validation, and network capabilities.

This repository provides a Nuclei template for detecting CVE-2025-30208, a file read vulnerability in Vite. It includes queries for identifying vulnerable targets but lacks actual exploit code.

This repository contains a Python-based scanner for CVE-2025-30208, which exploits a path traversal vulnerability in Vite to read arbitrary files. The tool includes both basic and advanced system probing capabilities to detect sensitive information.

This repository contains a multi-threaded scanner for detecting Vite servers and testing for CVE-2025-30208, an unauthorized file access vulnerability. It includes scripts for detection, scanning, and Discord notifications for tracking execution status.

This repository contains a multi-threaded Python scanner designed to identify domains vulnerable to CVE-2025-30208, which involves arbitrary file disclosure via the `@fs` endpoint in Vite. The scanner checks for false positives and outputs results in either text or JSONL format.

This repository contains a functional Python exploit for CVE-2025-30208, targeting an arbitrary file read vulnerability in the Vite Dev Server. The script includes multiple bypass techniques and secret scanning capabilities, indicating a well-developed proof-of-concept.

The repository contains extensive CodeQL configuration files but lacks actual exploit code or technical details about CVE-2025-30208. The README focuses on security scanning setup rather than vulnerability analysis.

This script automates the exploitation of CVE-2025-30208, a Local File Inclusion (LFI) vulnerability in Vite.js. It tests multiple payloads and file paths to leak sensitive files from the target system.

This repository contains a Python-based scanner for CVE-2025-30208, which checks for the presence of a vulnerability by attempting to access '/etc/passwd?raw' on target URLs. It supports both single URL and bulk URL scanning via a file, with multi-threading for efficiency.

This repository contains a Python-based scanner and exploiter for CVE-2025-30208, targeting the Vite Dev Server. It checks for vulnerability by sending specific payloads and attempts to exploit it by reading sensitive files like /etc/passwd.

This repository contains a Python-based scanner for CVE-2025-30208, a path traversal vulnerability in Vite. The tool checks for arbitrary file read vulnerabilities by sending crafted requests and analyzing responses for success indicators.

This repository contains a Python-based proof-of-concept for CVE-2025-30208, which exploits a path traversal vulnerability in Vite to read sensitive files like /etc/passwd. The tool supports batch URL checking with threading and WAF detection.

This repository contains a Python-based scanner for CVE-2025-30208, a Vite arbitrary file read vulnerability. It checks for the presence of the vulnerability by attempting to read sensitive files like /etc/passwd or C://windows/win.ini.

This PoC is a scanner for CVE-2025-30208, which checks for the exposure of the `.bash_history` file in Jenkins instances. It performs batch scanning of URLs to detect vulnerable hosts by checking for the presence of sensitive parameters in the response.

The repository contains a Jekyll-based blog with a writeup for CVE-2025-30208, but no actual exploit code. The writeup is likely a technical analysis given the context of the blog's focus on security research.

The repository contains only a minimal README with a CVE reference and no functional exploit code or technical details. It appears to be a placeholder or stub.

This repository contains a functional exploit for CVE-2025-30208, a local file inclusion (LFI) vulnerability in Vite dev server. The exploit bypasses the @fs path restriction by appending ?import&raw?? to the URL, allowing arbitrary file reads.

This repository contains a Python script that scans for the presence of a .bash_history file exposure vulnerability in Jenkins (CVE-2025-30208). It checks for the existence of the file at a specific path and verifies if it contains sensitive parameters, indicating potential exposure.

The repository provides a detailed technical analysis of CVE-2025-30208, an arbitrary file read vulnerability in Vite-based applications. It includes paths for exploitation, detection methods using FoFa, and strategies for bypassing WAFs or 403 restrictions.