CNNVD-202511-2193 Information

CNNVD ID

CNNVD-202511-2193

Related CVE

CVE-2025-64757

• CNNVD Published: 2025-11-19

Description (Chinese)

Astro是Astro开源的一个内容驱动网站的 web 框架。 Astro 5.14.3之前版本存在安全漏洞，该漏洞源于开发服务器的图像优化端点存在任意本地文件读取漏洞，可能导致信息泄露。

Description (English)

Astro is the web framework for a content-driven site that is open to Astro. There was a security loophole in the pre-Astro 5.14.3 version, which stemmed from any local file reading gap at the image optimization endpoint of the development server, which could lead to a leak of information.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Astro

Published

2025-11-19

Last Modified

2026-02-24

References

https://github.com/withastro/astro/commit/b8ca69b97149becefaf89bf21853de9c905cdbb7 https://github.com/withastro/astro/security/advisories/GHSA-x3h8-62x9-952g https://access.redhat.com/security/cve/cve-2025-64757

Patch

https://github.com/withastro/astro/releases