Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival

Description

A client-side path traversal vulnerability in Nuxt’s Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met.

Recommendation

Update the nuxt package to the latest compatible version. Followings are version details:

• Affected version(s): **>= 4.0.0, < 4.1.0

  >= 3.6.0, < 3.19.0**

• Patched version(s): **4.1.0

  3.19.0**

References

• GHSA-p6jq-8vc4-79f6
• CVE-2025-59414
• CWE-22
• CAPEC-310
• OWASP 2021-A1
• OWASP 2021-A6

Related Issues

• matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal - CVE-2024-50336
• jsPDF has Local File Inclusion/Path Traversal vulnerability - CVE-2025-68428
• React Router has Path Traversal in File Session Storage - CVE-2025-61686
• React Router has Path Traversal in File Session Storage (GHSA-9583-h5hc-x8cw) - CVE-2025-61686

Tags:

npm

nuxt