CVE-2025-24963MEDIUMPoC≥ 2.0.4, < 2.1.9·≥ 3.0.0, < 3.0.42025-02-04
CVE-2025-24963 [MEDIUM] CWE-22 Vitest browser mode serves arbitrary files
Vitest browser mode serves arbitrary files
### Summary
`__screenshot-error` handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by [`browser.api.host: true`](https://vitest.dev/guide/browser/config.html#browser-api), an attacker can send a request to that handler from remote to get the content of arbitrary files.
### Details
This `__screens
ghsaosv