Reflected XSS Vulnerability in Astro Web Framework by WithAstro
CVE-2025-64764

7.1HIGH

Key Information:

Vendor

Withastro

Status
Astro
Vendor
CVE Published:
19 November 2025

Badges

📈 Score: 1,290📰 News Worthy

What is CVE-2025-64764?

CVE-2025-64764 is a reflected Cross-Site Scripting (XSS) vulnerability found in the Astro Web Framework developed by WithAstro. This web framework allows developers to create fast and optimized websites using a modular approach. The specific vulnerability arises in applications utilizing the server islands feature before version 5.15.8. When exploited, this flaw can allow attackers to inject malicious scripts into web pages viewed by users, leading to potentially harmful interactions with the web application. This could compromise user data, alter the appearance of the site, or redirect users to malicious sites, thereby presenting a serious risk to an organization’s security and the integrity of its web applications.

Potential impact of CVE-2025-64764

  1. User Data Compromise: Attackers can execute scripts that may capture sensitive user information, including login credentials, personal data, and financial information, compromising both user privacy and organizational security.

  2. Website Manipulation: By exploiting this vulnerability, attackers can modify the content displayed on a website, which can mislead users, harm the organization's reputation, and potentially facilitate further attacks.

  3. Increased Vulnerability to Additional Threats: The presence of this vulnerability can serve as a gateway for more severe attacks, including phishing campaigns or the spread of malware, thereby heightening the overall risk landscape for affected organizations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

astro < 5.15.8

News Articles

favicon imagewiz.io

CVE-2025-64764 Impact, Exploitability, and Mitigation Steps | Wiz

Understand the critical aspects of CVE-2025-64764 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.

References

https://github.com/withastro/astro/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/withastro/astro/commit/790d9425f39bbbb...
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by wiz.io

  • Vulnerability published

  • Vulnerability Reserved

JSON
.