CVE-2025-24360 | MEDIUM | ≥ 3.8.1, < 3.15.3 | 2025-01-27
CVE-2025-24360 [MEDIUM] CWE-200 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
### Summary
Due to its default CORS settings, Nuxt allows any website to send any request to the development server and read the response.
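
One way to check a local setup against this advisory, as an added example (not code from Nuxt or from the advisory): `corsReadableBy` applies the browser's CORS read rule to a set of response headers, and `inAffectedRange` tests a Nuxt version against the affected range stated at the top of this entry. The function names, the origins and the sample header sets are assumptions constructed for illustration.

```javascript
// Added example. Would a page on `pageOrigin` be allowed by the browser to read
// a cross-origin response carrying these headers?
function corsReadableBy(pageOrigin, responseHeaders, withCredentials = false) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) {
    h[k.toLowerCase()] = String(v).trim();
  }
  const acao = h['access-control-allow-origin'];
  if (acao === undefined) return false;        // no CORS header: the read is blocked
  if (acao === '*') return !withCredentials;   // wildcard is ignored for credentialed requests
  if (acao !== pageOrigin) return false;       // otherwise it must match the origin exactly
  if (withCredentials) return h['access-control-allow-credentials'] === 'true';
  return true;
}

// Parse "major.minor.patch"; any pre-release suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Affected range from this entry: >= 3.8.1 and < 3.15.3.
function inAffectedRange(version) {
  const v = parseVersion(version);
  return compareVersions(v, [3, 8, 1]) >= 0 && compareVersions(v, [3, 15, 3]) < 0;
}

// Constructed header sets (not captured from a real dev server).
const foreignOrigin = 'https://other-site.example';
const samples = {
  wildcard: { 'Access-Control-Allow-Origin': '*' },
  reflected: { 'access-control-allow-origin': foreignOrigin },
  pinned: { 'Access-Control-Allow-Origin': 'http://localhost:3000' },
  none: { 'Content-Type': 'text/javascript' },
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, corsReadableBy(foreignOrigin, headers) ? 'READABLE cross-origin' : 'blocked');
}
```

To use it on a real setup, pass in the response headers the dev server returns to a request that carries a foreign `Origin` header.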
### Details
While Vite patched the default CORS settings to fix https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6,