CVE-2025-56648 — MEDIUM (6.5)

Q: How severe is CVE-2025-56648?

CVE-2025-56648 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-56648?

Check the references section above for vendor advisories and patch information. Affected products include: Parceljs Parcel.

Vulnerability Description

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Parceljs	Parcel	<= 1.10.3

Related Weaknesses (CWE)

CWE-346

References

https://gist.github.com/R4356th/41f468def606b2406e36f7193f5322b8Exploit
https://github.com/parcel-bundler/parcel/commit/4bc56e3242a85491c7edf589966e9b44
https://github.com/parcel-bundler/parcel/discussions/10089Issue Tracking
https://github.com/parcel-bundler/parcel/issues/10216ExploitIssue Tracking

FAQ

What is CVE-2025-56648?

CVE-2025-56648 is a vulnerability with a CVSS score of 6.5 (MEDIUM). npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal sourc...

How severe is CVE-2025-56648?

CVE-2025-56648 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-56648?

Check the references section above for vendor advisories and patch information. Affected products include: Parceljs Parcel.