Published on 2 April 2026, the diary notes that attempts to exploit exposed Vite installs target CVE-2025-30208. Vite's GitHub description presents it as a frontend build tool that can boost development productivity, but exposed features can be misused. The honeypots are logging URLs with the common "/@fs/" prefix and the ending "?raw??", a pattern that matches CVE-2025-30208 as described by Offsec[.]com.
The vulnerability allows bypassing Vite’s access controls to download arbitrary files, including well-known configuration files, via the '@fs' file-retrieval feature and the '?raw??' suffix. Vite normally listens on port 5173 and should be reachable only via localhost, yet attackers appear to assume it is often exposed and are attempting to access sensitive files on that basis. According to Offsec[.]com, this pattern of activity underscores the risk of misconfigured instances and the potential exposure of secrets.
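To check your own web or reverse-proxy logs for the request pattern described above, the following added example (not code from the diary or from Vite) flags request targets that start with "/@fs/" and end with "?raw??". It assumes combined-format access logs; the sample lines, addresses and paths are constructed, and treating a 200 status as "content was probably returned" is a triage heuristic, not a confirmed behaviour.

```python
import re
from urllib.parse import unquote

# Assumption: combined log format, e.g.
# SRC - - [time] "METHOD target HTTP/x.y" STATUS SIZE "referer" "agent"
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def is_vite_fs_raw_probe(target: str) -> bool:
    """True when the target has the /@fs/ prefix and the ?raw?? ending."""
    # Decode percent-encoding first so an encoded '@' or '?' is not missed.
    decoded = unquote(target)
    return decoded.startswith("/@fs/") and decoded.endswith("?raw??")

def scan(lines):
    """Return one finding per matching log line, in input order."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_vite_fs_raw_probe(m["target"]):
            findings.append({
                "src": m["src"],
                "target": m["target"],
                "status": int(m["status"]),
                # Heuristic: a 200 suggests a file was served; triage these first.
                "served": m["status"] == "200",
            })
    return findings

# Constructed sample lines (documentation address ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Apr/2026:10:00:01 +0000] "GET /@fs/EXAMPLE/app.conf?raw?? HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [02/Apr/2026:10:00:02 +0000] "GET /%40fs/EXAMPLE/app.conf%3Fraw%3F%3F HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.7 - - [02/Apr/2026:10:00:05 +0000] "GET /@fs/EXAMPLE/src/main.js HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.7 - - [02/Apr/2026:10:00:06 +0000] "GET /index.html?raw HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flag = "SERVED" if f["served"] else "blocked/other"
        print(f'{f["src"]} {f["status"]} {flag} {f["target"]}')
```

Any hit that arrives from a non-loopback source also confirms the dev server is reachable beyond localhost, which is the misconfiguration the diary highlights.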