Exploitation Summary
CVE-2025-30208 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 32 public exploits from researchers including 4m3rr0r, ThumpBo, xuemian168. A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit demonstrates an arbitrary file read vulnerability in Vite by appending `?raw` to the URL, bypassing the `@fs` allow list. It tests for the presence of the vulnerability and optionally displays file contents.
Description
Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite's serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in the query string regexes, so different parts of the request pipeline disagree about what the same URL means. The contents of arbitrary files can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using `--host` or the `server.host` config option) are affected. Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 fix the issue.
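The root cause above is a normalization mismatch: one code path strips trailing `?`/`&` from the URL, another tests a query-flag regex against the unstripped string, and the two reach different conclusions about the same request. The following is an added illustration of that bug class, written for this page; it is not Vite's code, and `stripTrailingSeparators`, `RAW_RE` and the log format are constructed assumptions chosen to show the mismatch and a defender-side check, not Vite's actual functions or patterns.

```javascript
// Constructed model of the defect class (not Vite's code): two decision points
// that see the same URL differently. Every regex and helper here is an assumption.

// Assumed step A: some handlers drop trailing `?`/`&` before acting on the URL.
function stripTrailingSeparators(url) {
  return url.replace(/[?&]+$/, "");
}

// Assumed step B: a `raw` query flag is recognised only when followed by `&`
// or end-of-string, so `?raw??` is NOT recognised when tested on the raw URL.
const RAW_RE = /[?&]raw(?:&|$)/;

// Gate as described in the advisory: flag evaluated on the unnormalized URL.
function isRawRequestUnnormalized(url) {
  return RAW_RE.test(url);
}

// Hardened gate: normalize first, so every decision sees the same string
// that the later file-serving step will see.
function isRawRequestNormalized(url) {
  return RAW_RE.test(stripTrailingSeparators(url));
}

// Constructed request URLs (project-source paths, not captured traffic).
const REQUESTS = [
  "/@fs/home/dev/app/src/main.ts",
  "/@fs/home/dev/app/src/main.ts?raw",
  "/@fs/home/dev/app/src/main.ts?raw??",
  "/@fs/home/dev/app/src/main.ts?import&raw??",
];

// URLs on which the two gates disagree: the early gate says "not a raw read",
// but a later step that strips separators will treat them as one.
function findGateMismatches(urls) {
  return urls.filter(
    (u) => isRawRequestUnnormalized(u) !== isRawRequestNormalized(u),
  );
}

// Defender-side check over dev-server access log lines. Assumed line format:
// "<ip> <method> <path> <status>". Flags `/@fs/` requests whose normalized
// query carries the raw flag, i.e. the shape of request this advisory describes.
function flagSuspiciousFsRequests(logLines) {
  const flagged = [];
  for (const line of logLines) {
    const parts = line.trim().split(/\s+/);
    if (parts.length < 3) continue; // malformed line, skip rather than crash
    const path = parts[2];
    if (!path.startsWith("/@fs/")) continue;
    if (isRawRequestNormalized(path)) flagged.push(path);
  }
  return flagged;
}

// Constructed sample log lines (documentation-range IP, no real host).
const SAMPLE_LOG = [
  "203.0.113.5 GET /src/main.ts 200",
  "203.0.113.5 GET /@fs/home/dev/app/src/main.ts?raw?? 200",
  "203.0.113.5 GET /@fs/home/dev/app/src/main.ts?import&raw?? 200",
  "203.0.113.9 GET /@fs/home/dev/app/src/main.ts 200",
];

console.log("gate mismatches:", findGateMismatches(REQUESTS));
console.log("flagged log requests:", flagSuspiciousFsRequests(SAMPLE_LOG));
```

The design point is that the fix is not a stricter regex alone: every access decision (allow-list check, raw/import flag detection, file serving) must run on one canonical form of the URL, produced once, so no later normalization can change what an earlier check already approved. The log check is the detection counterpart: apply the same normalization to logged paths, because a raw log line will not match a naive `?raw` pattern either.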
Exploits (32)
This exploit demonstrates an arbitrary file read vulnerability in Vite by appending `?raw` to the URL, bypassing the `@fs` allow list. It tests for the presence of the vulnerability and optionally displays file contents.
This repository contains a Python-based exploit for CVE-2025-30208, an arbitrary file read vulnerability in Vite development servers. The script tests multiple payloads and URLs to confirm the vulnerability by attempting to read sensitive files like /etc/passwd.
This repository contains a Python-based scanner for detecting CVE-2025-30208 and CVE-2025-31125 vulnerabilities in Vite development servers. It supports both automated (FOFA API-based) and manual (CIDR-based) target collection, multi-threaded scanning, and CSV report generation.
This repository contains a functional PoC for CVE-2025-30208, an arbitrary file read vulnerability in Vite's `/@fs/` path traversal due to improper query sanitization. The exploit bypasses `server.fs.allow` checks by crafting malformed query strings, enabling unauthorized file access.
This repository contains a Python-based scanner for detecting CVE-2025-30208 in Vite applications. It supports batch scanning, multithreading, and proxy usage, with results saved to a file.
This repository contains a comprehensive security scanner for CVE-2025-30208, designed to detect vulnerabilities in web applications. The scanner includes multiple modules for payload generation, sensitive file detection, and HTML template analysis.
This PoC exploits CVE-2025-30208, an arbitrary file read vulnerability in Vite's development server. It bypasses access controls by appending `?raw` to URLs, allowing retrieval of arbitrary files from vulnerable servers.
This repository contains a Go-based tool for detecting and exploiting arbitrary file read vulnerabilities in Vite development servers (CVE-2025-30208, CVE-2025-31125, CVE-2025-31486). It includes functionality for batch scanning, integration with FOFA for asset discovery, and deep exploitation to extract sensitive files.
This repository provides a detailed guide and proof-of-concept for exploiting four arbitrary file read vulnerabilities in Vite development servers (CVE-2025-30208, CVE-2025-31125, CVE-2025-31486, CVE-2025-32395). The PoC includes curl commands and a Python scanner to test and exploit these vulnerabilities.
This PoC exploits CVE-2025-30208, a local file inclusion (LFI) vulnerability in Vite dev server. It bypasses access restrictions by appending '?import&raw??' to the URL, allowing arbitrary file reads. The script supports both command-line and interactive modes.
The repository contains three functional PoC scripts for arbitrary file read vulnerabilities in Vite (CVE-2025-30208, CVE-2025-31125, CVE-2025-31486). Each script exploits different URL parameter combinations to bypass access controls and read sensitive files like /etc/passwd or C:/Windows/win.ini.
The repository contains only a README and an image file, with no actual exploit code. The README is minimal and lacks technical details, instead referencing an external image without providing substantive information about the vulnerability or exploit mechanism.
The repository contains only a README.md file with minimal information and an image link, providing no functional exploit code or technical details about CVE-2025-30208.
This repository contains a comprehensive security scanner for CVE-2025-30208, including multi-language support and various security checks. The main script appears to be a scanner tool with error handling, validation, and network capabilities.
This repository provides a Nuclei template for detecting CVE-2025-30208, a file read vulnerability in Vite. It includes queries for identifying vulnerable targets but lacks actual exploit code.
This repository contains a Python-based scanner for CVE-2025-30208, which exploits a path traversal vulnerability in Vite to read arbitrary files. The tool includes both basic and advanced system probing capabilities to detect sensitive information.
This repository contains a multi-threaded scanner for detecting Vite servers and testing for CVE-2025-30208, an unauthorized file access vulnerability. It includes scripts for detection, scanning, and Discord notifications for tracking execution status.
This repository contains a multi-threaded Python scanner designed to identify domains vulnerable to CVE-2025-30208, which involves arbitrary file disclosure via the `@fs` endpoint in Vite. The scanner checks for false positives and outputs results in either text or JSONL format.
This repository contains a functional Python exploit for CVE-2025-30208, targeting an arbitrary file read vulnerability in the Vite Dev Server. The script includes multiple bypass techniques and secret scanning capabilities, indicating a well-developed proof-of-concept.
The repository contains extensive CodeQL configuration files but lacks actual exploit code or technical details about CVE-2025-30208. The README focuses on security scanning setup rather than vulnerability analysis.
This script automates the exploitation of CVE-2025-30208, a Local File Inclusion (LFI) vulnerability in Vite.js. It tests multiple payloads and file paths to leak sensitive files from the target system.
This repository contains a Python-based scanner for CVE-2025-30208, which checks for the presence of a vulnerability by attempting to access '/etc/passwd?raw' on target URLs. It supports both single URL and bulk URL scanning via a file, with multi-threading for efficiency.
This repository contains a Python-based scanner and exploiter for CVE-2025-30208, targeting the Vite Dev Server. It checks for vulnerability by sending specific payloads and attempts to exploit it by reading sensitive files like /etc/passwd.
This repository contains a Python-based scanner for CVE-2025-30208, a path traversal vulnerability in Vite. The tool checks for arbitrary file read vulnerabilities by sending crafted requests and analyzing responses for success indicators.
This repository contains a Python-based proof-of-concept for CVE-2025-30208, which exploits a path traversal vulnerability in Vite to read sensitive files like /etc/passwd. The tool supports batch URL checking with threading and WAF detection.
This repository contains a Python-based scanner for CVE-2025-30208, a Vite arbitrary file read vulnerability. It checks for the presence of the vulnerability by attempting to read sensitive files like /etc/passwd or C://windows/win.ini.
This PoC is a scanner for CVE-2025-30208, which checks for the exposure of the `.bash_history` file in Jenkins instances. It performs batch scanning of URLs to detect vulnerable hosts by checking for the presence of sensitive parameters in the response.
The repository contains a Jekyll-based blog with a writeup for CVE-2025-30208, but no actual exploit code. The writeup is likely a technical analysis given the context of the blog's focus on security research.
The repository contains only a minimal README with a CVE reference and no functional exploit code or technical details. It appears to be a placeholder or stub.
This repository contains a functional exploit for CVE-2025-30208, a local file inclusion (LFI) vulnerability in Vite dev server. The exploit bypasses the @fs path restriction by appending ?import&raw?? to the URL, allowing arbitrary file reads.
This repository contains a Python script that scans for the presence of a .bash_history file exposure vulnerability in Jenkins (CVE-2025-30208). It checks for the existence of the file at a specific path and verifies if it contains sensitive parameters, indicating potential exposure.
The repository provides a detailed technical analysis of CVE-2025-30208, an arbitrary file read vulnerability in Vite-based applications. It includes paths for exploitation, detection methods using FoFa, and strategies for bypassing WAFs or 403 restrictions.
Nuclei Templates (1)
body="/@vite/client"
References (6)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N