CVE-2025-24361MEDIUM≥ 3.0.0, < 3.15.32025-01-27
CVE-2025-24361 [MEDIUM] CWE-749 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
### Summary
Source code may be stolen during dev when using webpack / rspack builder and you open a malicious web site.
### Details
Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject `` in their site and run
ghsaosv