CVE-2025-58179P2MEDIUMCVSS 6.5ExploitedPoCfixed in 13.1.102025-09-05
CVE-2025-58179 [MEDIUM] CWE-918 CVE-2025-58179: Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third
nvd