CVE-2025-52662

Summary

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4*. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade.

More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools

Affected Software

VendorProductVersion RangeStatus
VercelNuxt Devtools2.6.3 <= 2.6.3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References