Security Bulletin: A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections (CVE-2025-24010).
Description

Summary

A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections (CVE-2025-24010). Vite is used by IBM Robotic Process Automation as part of its user interface. This bulletin identifies the fixes required to resolve the vulnerability.

Vulnerability Details

CVEID: CVE-2025-24010

DESCRIPTION: Vite is a frontend tooling framework for JavaScript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.

CWE: CWE-346: Origin Validation Error

CVSS Source: security-advisories@github.com

CVSS Base score: 6.5

CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Robotic Process Automation for Cloud Pak | 23.0.0 – 23.0.20 |
| IBM Robotic Process Automation | 23.0.0 – 23.0.20 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

| Product(s) | Version(s) number and/or range | Remediation/Fix/Instructions |
|---|---|---|
| IBM Robotic Process Automation | 23.0.0 – 23.0.20 | Download 23.0.20.1 or higher and follow these instructions. |
| IBM Robotic Process Automation for Cloud Pak | 23.0.0 – 23.0.20 | Update to 23.0.20.1 or higher using the following instructions. |

These vulnerabilities affect the IBM Robotic Process Automation server…
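The description above attributes the issue to missing validation of the Origin header on WebSocket connections (CWE-346). The following added example, which is not IBM's or Vite's code, sketches an exact-match Origin allowlist check for a WebSocket upgrade request. The function names and the allowlist entries are assumptions constructed for illustration.

```javascript
// Added example: Origin allowlist check for WebSocket upgrade requests.
// ALLOWED_ORIGINS and both function names are assumptions for illustration.
const ALLOWED_ORIGINS = ['http://localhost:5173', 'https://dev.example.test'];

// Reduce an Origin header to a canonical scheme://host[:port], or null if unusable.
function canonicalOrigin(value) {
  if (typeof value !== 'string' || value === '' || value === 'null') return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // An Origin header carries no path, query, fragment or credentials.
  if (url.pathname !== '/' || url.search || url.hash || url.username || url.password) return null;
  return url.origin; // host lower-cased, default port dropped
}

// Decide whether an upgrade request (Node-style lower-cased headers object) may proceed.
function checkUpgrade(headers, allowed = ALLOWED_ORIGINS) {
  if ((headers.upgrade || '').toLowerCase() !== 'websocket') {
    return { allow: false, reason: 'not-a-websocket-upgrade' };
  }
  const origin = canonicalOrigin(headers.origin);
  if (origin === null) {
    // Browsers send Origin on WebSocket handshakes; clients that omit it
    // need a separate credential (not shown here).
    return { allow: false, reason: 'missing-or-invalid-origin' };
  }
  const allowSet = new Set(allowed.map(canonicalOrigin));
  // Exact match only: prefix or substring tests accept look-alike hosts.
  return allowSet.has(origin)
    ? { allow: true, reason: 'origin-allowed' }
    : { allow: false, reason: 'origin-not-allowed' };
}

// Constructed sample handshakes.
const samples = [
  { upgrade: 'websocket', origin: 'http://localhost:5173' },
  { upgrade: 'websocket', origin: 'http://localhost.attacker.example:5173' },
  { upgrade: 'websocket', origin: 'HTTP://LOCALHOST:5173' },
  { upgrade: 'websocket' },
];
for (const h of samples) console.log(h.origin, '->', checkUpgrade(h).reason);
```

Such a check complements, and does not replace, updating to the fixed versions listed in the bulletin.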
