CVE-2025-59414
- Source
- https://cve.org/CVERecord?id=CVE-2025-59414
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59414.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-59414
- Aliases
- Published
- 2025-09-17T18:39:38.193Z
- Modified
- 2026-04-10T05:32:00.922039Z
- Severity
-
- 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival
- Details
-
Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. The vulnerability occurs in the client-side payload revival process (revive-payload.client.ts) where Nuxt Islands are automatically fetched when encountering serialized __nuxt_island objects. During prerendering, if an API endpoint returns user-controlled data containing a crafted __nuxtisland object, he data gets serialized with devalue.stringify and stored in the prerendered page. When a client navigates to the prerendered page, devalue.parse deserializes the payload. The Island reviver attempts to fetch /nuxtisland/${key}.json where key could contain path traversal sequences. Update to Nuxt 3.19.0+ or 4.1.0+.
- Database specific
{ "cwe_ids": [ "CWE-22" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59414.json", "cna_assigner": "GitHub_M" }- References