More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Vercel | Nuxt Devtools | unaffected |
|
No data.
| Vendor | Product | Confidence | Versions |
|---|---|---|---|
| Nuxt | Nuxt | — | — |
| Vercel | Vercel | — | — |
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-xmq3-q5pm-rp26 | Nuxt DevTools vulnerable to cross-site scripting (XSS) |
Wed, 04 Feb 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Nuxt devtools
|
|
| CPEs | cpe:2.3:a:nuxt:devtools:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Nuxt devtools
|
Mon, 01 Dec 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 |
Fri, 07 Nov 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 07 Nov 2025 11:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Nuxt
Nuxt nuxt Vercel Vercel vercel |
|
| Vendors & Products |
Nuxt
Nuxt nuxt Vercel Vercel vercel |
Fri, 07 Nov 2025 01:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published:
Updated: 2025-12-01T20:12:06.314Z
Reserved: 2025-06-18T15:00:00.894Z
Link: CVE-2025-52662
Vulnrichment
Updated: 2025-11-07T18:38:52.299Z
NVD
Status : Analyzed
Published: 2025-11-07T01:15:36.803
Modified: 2026-02-04T21:01:06.923
Link: CVE-2025-52662
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-11-07T10:53:36Z