VBS-2026-0019 | HIGH | CVSS 8.2 | CWE-285

Vite dev-server unauthorized file access in Bolt ecosystem (CVE-2025-30208)

Vulnerable Vite dev server versions can expose unauthorized file reads, especially when development servers are accidentally internet-exposed.

Published: 2025-03-25
Discovered By: Vite ecosystem advisories
CVSS Score: 8.2 / 10
Affected AI Platforms: Bolt, Bolt.diy, Any Vite dev deployment
Affected Tech Stack: Vite dev server, Improper environment deployment
Remediation

Upgrade Vite and enforce policy that blocks public dev-server exposure.
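
One way to enforce the "no public dev-server exposure" part of this remediation in CI, as an added example that is not code from this advisory, Vite or Bolt: a heuristic text scan for Vite's `--host` CLI flag and `host` config option set to anything other than loopback. The function names and sample inputs are constructed for illustration.

```javascript
// Added example: heuristic policy check, not part of Vite or Bolt.
// Flags settings that make the Vite dev server listen beyond loopback.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '::1']);

// package.json scripts: `vite`, `vite dev` or `vite serve` run with --host.
function scanScripts(packageJsonText) {
  const scripts = JSON.parse(packageJsonText).scripts || {};
  const findings = [];
  for (const [name, cmd] of Object.entries(scripts)) {
    // Skip scripts that never start the dev server (build, preview, vitest).
    if (!/\bvite\b(?!\s+(build|preview|optimize)\b)/.test(cmd)) continue;
    const m = cmd.match(/--host(?:[=\s]+([\w.:]+))?/);
    if (!m) continue;
    // A bare --host (no value) listens on all addresses.
    if (m[1] === undefined || !LOOPBACK.has(m[1])) {
      findings.push(`script "${name}": ${m[0]}`);
    }
  }
  return findings;
}

// Vite config text: `host: true` or a non-loopback string value.
// Text matching only; it does not evaluate the config file.
function scanConfig(viteConfigText) {
  const findings = [];
  const re = /\bhost\s*:\s*(true|['"]([^'"]*)['"])/g;
  for (const m of viteConfigText.matchAll(re)) {
    if (m[2] === undefined || !LOOPBACK.has(m[2])) {
      findings.push(`config: host: ${m[1]}`);
    }
  }
  return findings;
}

function findDevServerExposure(packageJsonText, viteConfigText) {
  return [...scanScripts(packageJsonText), ...scanConfig(viteConfigText)];
}

// Constructed sample inputs (not taken from any real project).
const SAMPLE_PACKAGE_JSON = JSON.stringify({ scripts: {
  dev: 'vite --host',
  'dev:lan': 'vite dev --host 0.0.0.0 --port 5173',
  'dev:local': 'vite --host 127.0.0.1',
  build: 'vite build',
  test: 'vitest run',
} });
const SAMPLE_VITE_CONFIG = 'export default { server: { host: true, port: 5173 } };';

console.log(findDevServerExposure(SAMPLE_PACKAGE_JSON, SAMPLE_VITE_CONFIG));
```

A clean result only covers these two settings; a dev server published through a tunnel or reverse proxy still needs a network-level control.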

#bolt #vite #dev-server #unauthorized-file-read #cve

FAQ
Q: How do I check whether my app (Vite dev server, Improper environment deployment) is affected by the Vite dev-server unauthorized file access in the Bolt ecosystem (CVE-2025-30208)?

A: Vulnerable Vite dev server versions can expose unauthorized file reads, especially when development servers are accidentally internet-exposed. Search your codebase for Vite dev server and Improper environment deployment patterns, and verify that the remediation has been applied.

Q: Why do Bolt and Bolt.diy generate code with CWE-285 (high severity)?

A: Vulnerable Vite dev server versions can expose unauthorized file reads, especially when development servers are accidentally internet-exposed.

Q: How do I fix the Vite dev-server unauthorized file access in the Bolt ecosystem (CVE-2025-30208)?

A: Upgrade Vite and enforce policy that blocks public dev-server exposure.

Q: What is CVE-2025-30208 and how does it affect Bolt projects?

A: CVE-2025-30208 is a high severity CVE with a CVSS score of 8.2, affecting Bolt, Bolt.diy, and any Vite dev deployment. Vulnerable Vite dev server versions can expose unauthorized file reads, especially when development servers are accidentally internet-exposed.