Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket (opens in new tab)

Combine that with CVE-2025-24010 and any website was able to read any file on developers' computers.

https://github.com/advisories/GHSA-vg6x-rcgg-rjx6