CNNVD-202510-1410 Information

CNNVD ID

CNNVD-202510-1410

CVE-2025-61925

  • CNNVD Published: 2025-10-10

Description

Astro is an open-source web framework for content-driven websites, developed by Astro. Versions of Astro before 5.14.2 contain a security vulnerability caused by a failure to validate the X-Forwarded-Host header, which can lead to malicious redirects and credential disclosure.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Astro

Published

2025-10-10

Last Modified

2026-02-24

References

https://github.com/Chisnet/minimal_dynamic_astro_server
https://github.com/withastro/astro/security/advisories/GHSA-5ff5-9fcw-vg88

Patch

https://github.com/withastro/astro/releases
