Description

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. The vulnerability occurs in the client-side payload revival process (revive-payload.client.ts) where Nuxt Islands are automatically fetched when encountering serialized __nuxt_island objects. During prerendering, if an API endpoint returns user-controlled data containing a crafted __nuxt_island object, he data gets serialized with devalue.stringify and stored in the prerendered page. When a client navigates to the prerendered page, devalue.parse deserializes the payload. The Island reviver attempts to fetch /__nuxt_island/${key}.json where key could contain path traversal sequences. Update to Nuxt 3.19.0+ or 4.1.0+.

INFO

Published Date :

2025-09-17T18:39:38.193Z

Last Modified :

2025-09-17T19:42:44.734Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59414 vulnerability.

Vendors Products
Nuxt
  • Nuxt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59414.

URL Resource
https://github.com/nuxt/nuxt/commit/2566d2046bccb158d98fb13e42ce4b2c33fb2595 cve-icon cve-icon
https://github.com/nuxt/nuxt/security/advisories/GHSA-p6jq-8vc4-79f6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact