CVE-2025-64757

Low CVSS: 3.5

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system. This issue has been patched in version 5.14.3.

Vendor

Astro

Product

Astro

CWE

CWE-22

Yayın Tarihi

2025-11-19 17:15:52

Güncelleme

2025-11-20 17:58:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Astro LOW Astro 2025

Referanslar

https://github.com/withastro/astro/commit/b8ca69b97149becefaf89bf21853de9c905cdbb7 https://github.com/withastro/astro/security/advisories/GHSA-x3h8-62x9-952g

Benzer Kayıtlar

Medium

CVE-2026-33768

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path head…

Low

CVE-2026-33769

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path…

Medium

CVE-2026-29772

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full reque…

Medium

CVE-2026-27829

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domai…

Medium

CVE-2026-27729

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit,…

Medium

CVE-2026-25545

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered cus…