CVE-2025-59341

Vulnerability Description

esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server to read and return files from the host filesystem (or other unintended file sources).

Related Weaknesses (CWE)

CWE-23

References

https://github.com/esm-dev/esm.sh/blob/c62f191d32639314ff0525d1c3c0e19ea2b16143/
https://github.com/esm-dev/esm.sh/security/advisories/GHSA-49pv-gwxp-532r

FAQ

What is CVE-2025-59341?

CVE-2025-59341 is a documented vulnerability. esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker coul...

How severe is CVE-2025-59341?

CVSS scoring is not yet available for CVE-2025-59341. Check NVD for updates.

Is there a patch for CVE-2025-59341?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.