Nuxt Devtools vulnerabilities
2 known vulnerabilities affecting nuxt/devtools.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2025-52662 | MEDIUM | CVSS 6.1 | fixed in 2.6.4 | 2025-11-07
CVE-2025-52662 [MEDIUM] CWE-79
A vulnerability in Nuxt DevTools has been fixed in version **2.6.4**. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade.
More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools
GHSA, NVD, OSV
CVE-2024-23657 | HIGH | ≥ 0, < 1.3.9 | 2024-08-05
CVE-2024-23657 [HIGH] CWE-22 Nuxt Devtools has a Path Traversal: '../filedir'
### Summary
Nuxt Devtools is missing authentication on the `getTextAssetContent` RPC function, which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data by abusing this vulnerability.
In certain configurations an attacker could leak the
GHSA, OSV