Skip to content

Vite security issue CVE-2025-58751  #31158

New issue
New issue
Closed
Bug
#31178
Closed
Vite security issue CVE-2025-58751 #31158
Bug
#31178
Assignees
alan-agius4
Labels
area: @angular/builddevkit/build-angular:dev-serverfreq1: lowOnly reported by a handful of users who observe it rarelyseverity6: securitytype: bug/fix
@rwlogel

Description

@rwlogel
rwlogel
opened on Sep 10, 2025

Command

build

Description

The current vite requirement for Angular 20.2 is 7.1.2 our build system identified this vulnerability CVE https://nvd.nist.gov/vuln/detail/CVE-2025-58751 that is corrected in 7.1.5.

Is there any reason that ~7.1.5 can't be specified so that this and future minor patches can be used?

Describe the solution you'd like

No response

Describe alternatives you've considered

No response

Metadata

Metadata

Assignees

Labels

area: @angular/builddevkit/build-angular:dev-serverfreq1: lowOnly reported by a handful of users who observe it rarelyseverity6: securitytype: bug/fix

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions