Platform: nodejs
Component: webpack-dev-server
Fixed in: 5.2.2, 5.2.1
CVE-2025-30360 describes a WebSocket hijacking vulnerability in webpack-dev-server. The flaw allows a malicious website, in particular one whose origin is an IP address rather than a hostname, to establish WebSocket connections to the dev server, potentially allowing it to sniff source code. The vulnerability affects versions prior to 5.2.1, and a fix has been released.
An attacker can exploit this vulnerability by crafting a malicious website that leverages the flawed Origin header validation in webpack-dev-server. When a user visits this website with a non-Chromium browser, the attacker can potentially hijack WebSocket connections and intercept sensitive data transmitted over those connections. This could include source code, API keys, or other confidential information. The attack resembles the methodology described in CVE-2018-14732, but specifically targets webpack-dev-server's IP address origin handling. The blast radius extends to any application utilizing webpack-dev-server in a development or testing environment where the server is accessible from external networks.
This vulnerability was publicly disclosed on 2025-06-04. There is currently no indication of active exploitation campaigns targeting this specific CVE. Public proof-of-concept code is available, increasing the likelihood of exploitation attempts. The vulnerability is not currently listed on CISA KEV.
Development teams and DevOps engineers utilizing webpack-dev-server in their development or testing workflows are at risk. Specifically, those using older versions of webpack-dev-server (prior to 5.2.1) and those exposing webpack-dev-server to external networks are particularly vulnerable. Shared hosting environments where webpack-dev-server is running on a shared IP address also present a heightened risk.
• nodejs: Monitor webpack-dev-server logs for unusual WebSocket connection attempts originating from unexpected IP addresses. Use lsof or ss to identify active WebSocket connections and their source IPs.
lsof -i :8080 | grep ws
• generic web: Examine access logs for requests containing IP addresses in the Origin header. Implement a WAF rule to block requests with IP-based origins.
grep -E 'Origin: [0-9.]+' /var/log/apache2/access.log
Disclosure
Exploit status
EPSS: 0.06% (18th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to webpack-dev-server version 5.2.1 or later, which includes the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or proxy server to filter incoming requests and block those with IP addresses in the Origin header. Alternatively, configure webpack-dev-server to strictly enforce allowed origins, preventing connections from unauthorized domains. Regularly review and update webpack-dev-server configurations to ensure adherence to security best practices.
Upgrade webpack-dev-server to version 5.2.1 or later. This fixes the cross-site WebSocket hijacking vulnerability. Run `npm install webpack-dev-server@latest` or `yarn add webpack-dev-server@latest` to upgrade.
CVE-2025-30360 is a medium-severity vulnerability in webpack-dev-server that allows attackers to potentially sniff source code via WebSocket hijacking, caused by improper Origin header validation.
You are affected if you are using webpack-dev-server versions prior to 5.2.1 and are potentially exposed to external networks.
Upgrade to webpack-dev-server version 5.2.1 or later. Alternatively, implement WAF rules to filter IP-based Origins.
There is currently no indication of active exploitation campaigns, but public proof-of-concept code exists.
Refer to the webpack GitHub repository for updates and advisories: https://github.com/webpack/webpack-dev-server