CVE-2025-66415

Medium CVSS: 6.9

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.

Vendor

Fastify

Product

Reply-from

CWE

CWE-441

Yayın Tarihi

2025-12-01 23:15:54

Güncelleme

2026-02-06 16:56:00

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-441 Reply-from MEDIUM Fastify 2025

Referanslar

https://github.com/fastify/fastify-reply-from/commit/4d9795cd5b57a36756d37b7f036eae369f69fa66 https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-2q7r-29rg-6m5h

Benzer Kayıtlar

Medium

CVE-2026-3419

Fastify incorrectly accepts malformed `Content-Type` headers containing trailing characters after the subtype token, in…

High

CVE-2026-25223

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability…

Low

CVE-2026-25224

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability…

High

CVE-2025-32442

Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, app…