CVE & CISA-KEV Catalog

CVE-2025-61925

Severity: MEDIUM (CVSS v3 base score 6.5, source: NVD)

Description

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value of the `X-Forwarded-Host` header in its output when `Astro.url` is used, without any validation. It is common for web servers such as nginx to route requests by the `Host` header and to forward the other request headers unchanged. As such, a malicious request can be sent with both a `Host` header and an `X-Forwarded-Host` header whose values do not match, with the `X-Forwarded-Host` value under the attacker's control; Astro will then return that value. This could result in any use of `Astro.url` in code being manipulated by a request. For example, if a user follows guidance and uses `Astro.url` for a canonical link, the canonical link can be pointed at another site. It is also theoretically possible that the value is used as a login/registration or other form action URL, potentially redirecting login credentials to a malicious party. Because this is a per-request attack vector, the exposure would be limited to the malicious user's own responses, except that a caching proxy is a common setup, in which case any page that is cached could persist the malicious value for subsequent users. Many other frameworks validate the host against an allowlist of domains, or do not reflect these headers at all, to avoid such issues. This could affect anyone using Astro in an on-demand/dynamic rendering mode behind a caching proxy. Version 5.14.2 contains a fix for the issue.
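The following is an added example, not Astro's own code or its fix: it models the header handling the description walks through, so a practitioner can see both halves of the problem in working code. One derivation of the request URL trusts `X-Forwarded-Host` whenever it is present (the pre-5.14.2 behaviour described above); the other accepts a forwarded host only if it is on an allowlist, the approach the description attributes to other frameworks. A minimal cache keyed on the path stands in for the caching proxy, showing how one attacker-controlled render becomes the canonical link every later visitor receives. The hostnames, paths, header values and the `ALLOWED_HOSTS` set are all constructed for illustration.

```javascript
// Added example (not Astro's code): how an unvalidated X-Forwarded-Host reaches
// a page's canonical URL, and why a caching proxy makes the poisoned value persist.
// Hostnames, paths and headers below are constructed for illustration.

// Constructed attacker request, modelled on a proxy that routes on Host but
// forwards every client-supplied header unchanged.
const maliciousRequest = {
  headers: { host: 'example.com', 'x-forwarded-host': 'evil.example' },
  path: '/login',
};

// Constructed victim request: an ordinary visitor sends no forwarded header.
const victimRequest = { headers: { host: 'example.com' }, path: '/login' };

// Assumed allowlist of hostnames this deployment is actually served under.
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);

// First value of a (possibly comma-joined) header, or undefined if absent.
function headerValue(headers, name) {
  const v = headers[name.toLowerCase()];
  return typeof v === 'string' ? v.split(',')[0].trim() : undefined;
}

// Vulnerable derivation: X-Forwarded-Host wins whenever the client sent one.
function requestUrlVulnerable(req) {
  const host =
    headerValue(req.headers, 'x-forwarded-host') ?? headerValue(req.headers, 'host');
  return new URL(req.path, `https://${host}`);
}

// Hardened derivation: a forwarded host is honoured only if allowlisted;
// otherwise fall back to Host, which must itself be allowlisted.
function requestUrlHardened(req, allowedHosts = ALLOWED_HOSTS) {
  const forwarded = headerValue(req.headers, 'x-forwarded-host');
  const host = headerValue(req.headers, 'host');
  if (forwarded !== undefined && allowedHosts.has(forwarded)) {
    return new URL(req.path, `https://${forwarded}`);
  }
  if (host === undefined || !allowedHosts.has(host)) {
    throw new Error(`untrusted host: ${host}`);
  }
  return new URL(req.path, `https://${host}`);
}

// The canonical link a template would emit from the derived URL.
function renderCanonical(url) {
  return `<link rel="canonical" href="${url.href}">`;
}

// Stand-in for a caching proxy in front of an on-demand rendered site:
// the cache key is the path only, so the first render is served to everyone.
function makeCachedRenderer(derive) {
  const cache = new Map();
  return (req) => {
    if (!cache.has(req.path)) cache.set(req.path, renderCanonical(derive(req)));
    return cache.get(req.path);
  };
}

// Runs the attacker's request first, then the victim's, through both variants.
function demo() {
  const vulnerable = makeCachedRenderer(requestUrlVulnerable);
  const hardened = makeCachedRenderer(requestUrlHardened);
  const poisoned = vulnerable(maliciousRequest); // attacker poisons the cache entry
  const victimSeesVulnerable = vulnerable(victimRequest); // victim gets the poisoned link
  hardened(maliciousRequest); // allowlist rejects evil.example, falls back to Host
  const victimSeesHardened = hardened(victimRequest);
  return { poisoned, victimSeesVulnerable, victimSeesHardened };
}

console.log(demo());
```

The hardened variant throws on an unrecognised `Host` rather than silently serving under it; in a real deployment you would map that to a 400 response and log it, because a mismatched or unknown host header is either misconfiguration or probing.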

How to fix

Remediation available.
Package: astro (source: NVD)
Affected: < 5.14.2
Fixed in: 5.14.2
Derived from the NVD record for CVE-2025-61925.

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Impact

Confidentiality: None
Integrity: Low
Availability: Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploit Intelligence

EPSS: 0.39% probability of exploitation in the next 30 days
30th percentile

Low risk: more likely to be exploited than 30% of all known CVEs.

References

Exploit: 1
Product: 1
Embed a live status badge for CVE-2025-61925

Markdown

[![CVE-2025-61925](https://tridentstack.com/cve/badge/CVE-2025-61925.svg)](https://tridentstack.com/cve/CVE-2025-61925)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-61925"><img src="https://tridentstack.com/cve/badge/CVE-2025-61925.svg" alt="CVE-2025-61925"></a>


This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-12-04.