Web Framework Image Proxy Bypass Issue in Astro by WithAstro
CVE-2025-59837
7.2HIGH
What is CVE-2025-59837?
Astro, a web framework, has an issue with its image proxy that impacts versions 5.13.4 through 5.13.9. The vulnerability arises from an incomplete validation mechanism, allowing attackers to bypass the expected domain checks by exploiting the href parameter with backslashes. This misconfiguration can lead to server-side requests directed to arbitrary URLs, which may result in SSRF vulnerabilities, and potentially facilitate cross-site scripting (XSS) attacks. The issue is mitigated in version 5.13.10.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
astro >= 5.13.4, < 5.13.10
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved