Image Optimization Vulnerability in Astro Web Framework by Astro
CVE-2025-55303
What is CVE-2025-55303?
The Astro web framework has a security flaw that affects its image optimization feature. This issue arises when on-demand rendering is utilized, allowing an attacker to exploit the /_image endpoint, which serves optimized images. In versions prior to 5.13.2 and 4.16.18, a bug permits the use of protocol-relative URLs, enabling unauthorized images from third-party domains to be served. This vulnerability exposes websites to potential misuse, emphasizing the need for immediate updates to secure deployed projects.
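The bug class described above, shown as an added example that is not Astro's code and not part of the original advisory. It is a simplified model of an image endpoint's source check; the function names, allowlist and site origin are assumptions made for illustration. It contrasts a check that treats only scheme-prefixed hrefs as remote with one that resolves the href before deciding.

```javascript
// Added illustration; not Astro's source code. All names are hypothetical.
const ALLOWED_HOSTS = new Set(["images.example.com"]); // constructed allowlist
const SITE_ORIGIN = "https://site.example";            // constructed site origin

// Weak check: only hrefs with an explicit scheme count as remote, so a
// protocol-relative href ("//host/path") is mistaken for a local path.
function naiveIsRemote(href) {
  return /^[a-z][a-z0-9+.-]*:/i.test(href);
}

function naiveDecision(href) {
  if (!naiveIsRemote(href)) return "allow-local";
  return ALLOWED_HOSTS.has(new URL(href).hostname) ? "allow-remote" : "deny";
}

// Hardened check: resolve the href the same way a fetcher would, then
// compare the resulting origin with the site's own origin.
function strictDecision(href) {
  let resolved;
  try {
    resolved = new URL(href, SITE_ORIGIN);
  } catch {
    return "deny"; // unparseable input is never served
  }
  if (!["http:", "https:"].includes(resolved.protocol)) return "deny";
  if (resolved.origin === SITE_ORIGIN) return "allow-local";
  return ALLOWED_HOSTS.has(resolved.hostname) ? "allow-remote" : "deny";
}

// Constructed sample hrefs, as they might arrive in the image source parameter.
const SAMPLES = [
  "/assets/logo.png",
  "https://images.example.com/a.png",
  "https://cdn.other.example/x.png",
  "//cdn.other.example/cat.png",
];

// Returns one row per sample so the two checks can be compared side by side.
function compare(samples = SAMPLES) {
  return samples.map((href) => ({
    href,
    naive: naiveDecision(href),
    strict: strictDecision(href),
  }));
}

console.table(compare());
```

Only the protocol-relative row differs between the two columns: the weak check classifies it as local, while the resolved origin shows it points at a host outside the allowlist.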

Affected Version(s)
astro >= 5.0.0-alpha.0, < 5.13.2
astro < 4.16.18
