Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
ID: 06b42f14-6aff-5243-a395-13e675c2d005
STIX ID: report--06b42f14-6aff-5243-a395-13e675c2d005
Feed Name: SANS ISC Diary
Threat Score
Observed exploitation of Vite (CVE-2025-30208) where attackers use the '/@fs/' prefix and '?raw??' suffix to bypass directory restrictions and download arbitrary files (examples: /etc/environment, ~/.aws/credentials), with honeypot logs confirming active attempts to retrieve sensitive configuration and credential files.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.