Description

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.

INFO

Published Date :

2025-09-17T00:00:00.000Z

Last Modified :

2026-01-26T16:10:49.470Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-56648 vulnerability.

Vendors Products
Parceljs
  • Parcel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-56648.

URL Resource
https://gist.github.com/R4356th/41f468def606b2406e36f7193f5322b8 cve-icon cve-icon cve-icon
https://github.com/parcel-bundler/parcel/commit/4bc56e3242a85491c7edf589966e9b44c6330c49 cve-icon cve-icon
https://github.com/parcel-bundler/parcel/discussions/10089 cve-icon cve-icon cve-icon
https://github.com/parcel-bundler/parcel/issues/10216 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-56648 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-56648 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact