CVE-2025-52662 MEDIUM

CVE-2025-52662

Vendor Vercel
Product Nuxt Devtools
Published November 7, 2025
Last update December 1, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N

What the vulnerability does

01Description

A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools

Key dates

02Disclosure timeline

November 7, 2025 CVE published
December 1, 2025 Record updated