Vulnerability-Lookup

CVE-2025-55207 (GCVE-0-2025-55207)

Vulnerability from cvelistv5 – Published: 2025-08-15 15:13 – Updated: 2025-08-15 19:10

Title

@astrojs/node's trailing slash handling causes open redirect issue

Summary

Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the external origin //astro.build/press. However, with the Node deployment adapter in standalone mode and trailingSlash set to "always" in the Astro configuration, https://example.com//astro.build/press still redirects to //astro.build/press. This affects any user who clicks on a specially crafted link pointing to the affected domain. Since the domain appears legitimate, victims may be tricked into trusting the redirected page, leading to possible credential theft, malware distribution, or other phishing-related attacks. This issue has been patched in version 9.4.1.

Severity ?

5.5 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/withastro/astro/security/advis…	x_refsource_CONFIRM
	https://github.com/withastro/astro/commit/5fc3c59…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	withastro	astro	Affected: < 9.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55207",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-15T19:10:24.679222Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-15T19:10:33.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "astro",
          "vendor": "withastro",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Astro is a web framework for content-driven websites. Following CVE-2025-54793 there\u0027s still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the external origin //astro.build/press. However, with the Node deployment adapter in standalone mode and trailingSlash set to \"always\" in the Astro configuration, https://example.com//astro.build/press still redirects to //astro.build/press. This affects any user who clicks on a specially crafted link pointing to the affected domain. Since the domain appears legitimate, victims may be tricked into trusting the redirected page, leading to possible credential theft, malware distribution, or other phishing-related attacks. This issue has been patched in version 9.4.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-15T15:13:08.214Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/withastro/astro/security/advisories/GHSA-9x9c-ghc5-jhw9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/withastro/astro/security/advisories/GHSA-9x9c-ghc5-jhw9"
        },
        {
          "name": "https://github.com/withastro/astro/commit/5fc3c599cacb0172cc7d8e1202a5f2e8685d7ef2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/withastro/astro/commit/5fc3c599cacb0172cc7d8e1202a5f2e8685d7ef2"
        }
      ],
      "source": {
        "advisory": "GHSA-9x9c-ghc5-jhw9",
        "discovery": "UNKNOWN"
      },
      "title": "@astrojs/node\u0027s trailing slash handling causes open redirect issue"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-55207",
    "datePublished": "2025-08-15T15:13:08.214Z",
    "dateReserved": "2025-08-08T21:55:07.966Z",
    "dateUpdated": "2025-08-15T19:10:33.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55207\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-15T19:10:24.679222Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-15T19:10:29.495Z\"}}], \"cna\": {\"title\": \"@astrojs/node\u0027s trailing slash handling causes open redirect issue\", \"source\": {\"advisory\": \"GHSA-9x9c-ghc5-jhw9\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"withastro\", \"product\": \"astro\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 9.4.1\"}]}], \"references\": [{\"url\": \"https://github.com/withastro/astro/security/advisories/GHSA-9x9c-ghc5-jhw9\", \"name\": \"https://github.com/withastro/astro/security/advisories/GHSA-9x9c-ghc5-jhw9\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/withastro/astro/commit/5fc3c599cacb0172cc7d8e1202a5f2e8685d7ef2\", \"name\": \"https://github.com/withastro/astro/commit/5fc3c599cacb0172cc7d8e1202a5f2e8685d7ef2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Astro is a web framework for content-driven websites. Following CVE-2025-54793 there\u0027s still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the external origin //astro.build/press. However, with the Node deployment adapter in standalone mode and trailingSlash set to \\\"always\\\" in the Astro configuration, https://example.com//astro.build/press still redirects to //astro.build/press. This affects any user who clicks on a specially crafted link pointing to the affected domain. Since the domain appears legitimate, victims may be tricked into trusting the redirected page, leading to possible credential theft, malware distribution, or other phishing-related attacks. This issue has been patched in version 9.4.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-601\", \"description\": \"CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-15T15:13:08.214Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-55207\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-15T19:10:33.451Z\", \"dateReserved\": \"2025-08-08T21:55:07.966Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-15T15:13:08.214Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-9X9C-GHC5-JHW9

Vulnerability from github – Published: 2025-08-15 16:52 – Updated: 2025-08-15 20:55

Summary

@astrojs/node's trailing slash handling causes open redirect issue

Details

Summary

Following https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw, there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios.

Details

Astro 5.12.8 fixed a case where https://example.com//astro.build/press would redirect to the external origin //astro.build/press. However, with the Node deployment adapter in standalone mode and trailingSlash set to "always" in the Astro configuration, https://example.com//astro.build/press still redirects to //astro.build/press.

Proof of Concept

Create a new minimal Astro project (astro@5.12.8)
Configure it to use the Node adapter (@astrojs/node@9.4.0) and force trailing slashes: ```js // astro.config.mjs import { defineConfig } from 'astro/config'; import node from '@astrojs/node';

export default defineConfig({ trailingSlash: 'always', adapter: node({ mode: 'standalone' }), }); `` 3. Build the site by runningastro build. 4. Run the server, e.g. withastro preview. 5. Append//astro.build/press` to the preview URL, e.g. http://localhost:4321//astro.build/press 6. The site will redirect to the external Astro Build origin.

Example reproduction

Open this StackBlitz reproduction.
Open the preview in a separate window so the StackBlitz embed doesn't cause security errors.
Append //astro.build/press to the preview URL, e.g. https://x.local-corp.webcontainer.io//astro.build/press.
See it redirect to the external Astro Build origin.

Impact

This is classified as an Open Redirection vulnerability (CWE-601). It affects any user who clicks on a specially crafted link pointing to the affected domain. Since the domain appears legitimate, victims may be tricked into trusting the redirected page, leading to possible credential theft, malware distribution, or other phishing-related attacks.

No authentication is required to exploit this vulnerability. Any unauthenticated user can trigger the redirect by clicking a malicious link.

Severity ?

5.5 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.4.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@astrojs/node"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-55207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-15T16:52:48Z",
    "nvd_published_at": "2025-08-15T16:15:30Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nFollowing https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw, there\u0027s still an Open Redirect vulnerability in a subset of Astro deployment scenarios.\n\n### Details\n\nAstro 5.12.8 fixed a case where `https://example.com//astro.build/press` would redirect to the external origin `//astro.build/press`. However, with the Node deployment adapter in standalone mode and `trailingSlash` set to `\"always\"` in the Astro configuration, `https://example.com//astro.build/press` still redirects to `//astro.build/press`.\n\n### Proof of Concept\n\n1. Create a new minimal Astro project (`astro@5.12.8`)\n2. Configure it to use the Node adapter (`@astrojs/node@9.4.0`) and force trailing slashes:\n   ```js\n   // astro.config.mjs\n   import { defineConfig } from \u0027astro/config\u0027;\n   import node from \u0027@astrojs/node\u0027;\n   \n   export default defineConfig({\n     trailingSlash: \u0027always\u0027,\n     adapter: node({ mode: \u0027standalone\u0027 }),\n   });\n   ```\n3. Build the site by running `astro build`.\n4. Run the server, e.g. with `astro preview`.\n5. Append `//astro.build/press` to the preview URL, e.g. \u003chttp://localhost:4321//astro.build/press\u003e\n6. The site will redirect to the external Astro Build origin.\n\n#### Example reproduction\n\n1. Open [this StackBlitz reproduction](https://stackblitz.com/edit/github-4fvpfhcz-nyfj2mbf).\n2. Open the preview in a separate window so the StackBlitz embed doesn\u0027t cause security errors.\n3. Append `//astro.build/press` to the preview URL, e.g. `https://x.local-corp.webcontainer.io//astro.build/press`.\n4. See it redirect to the external Astro Build origin.\n\n### Impact\n\nThis is classified as an Open Redirection vulnerability (CWE-601). It affects any user who clicks on a specially crafted link pointing to the affected domain. Since the domain appears legitimate, victims may be tricked into trusting the redirected page, leading to possible credential theft, malware distribution, or other phishing-related attacks.\n\nNo authentication is required to exploit this vulnerability. Any unauthenticated user can trigger the redirect by clicking a malicious link.",
  "id": "GHSA-9x9c-ghc5-jhw9",
  "modified": "2025-08-15T20:55:55Z",
  "published": "2025-08-15T16:52:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/withastro/astro/security/advisories/GHSA-9x9c-ghc5-jhw9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55207"
    },
    {
      "type": "WEB",
      "url": "https://github.com/withastro/astro/commit/5fc3c599cacb0172cc7d8e1202a5f2e8685d7ef2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/withastro/astro"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "@astrojs/node\u0027s trailing slash handling causes open redirect issue"
}

FKIE_CVE-2025-55207

Vulnerability from fkie_nvd - Published: 2025-08-15 16:15 - Updated: 2025-08-18 20:16

Severity ?

5.5 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/withastro/astro/commit/5fc3c599cacb0172cc7d8e1202a5f2e8685d7ef2
	security-advisories@github.com	https://github.com/withastro/astro/security/advisories/GHSA-9x9c-ghc5-jhw9

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Astro is a web framework for content-driven websites. Following CVE-2025-54793 there\u0027s still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the external origin //astro.build/press. However, with the Node deployment adapter in standalone mode and trailingSlash set to \"always\" in the Astro configuration, https://example.com//astro.build/press still redirects to //astro.build/press. This affects any user who clicks on a specially crafted link pointing to the affected domain. Since the domain appears legitimate, victims may be tricked into trusting the redirected page, leading to possible credential theft, malware distribution, or other phishing-related attacks. This issue has been patched in version 9.4.1."
    },
    {
      "lang": "es",
      "value": "Astro es un framework web para sitios web basados en contenido. Tras la CVE-2025-54793, persiste una vulnerabilidad de redirecci\u00f3n abierta en un subconjunto de escenarios de implementaci\u00f3n de Astro anteriores a la versi\u00f3n 9.4.1. Astro 5.12.8 solucion\u00f3 la CVE-2025-54793, donde https://example.com//astro.build/press redirig\u00eda al origen externo //astro.build/press. Sin embargo, con el adaptador de implementaci\u00f3n de Node en modo independiente y la barra diagonal final configurada como \"siempre\" en la configuraci\u00f3n de Astro, https://example.com//astro.build/press sigue redirigiendo a //astro.build/press. Esto afecta a cualquier usuario que haga clic en un enlace especialmente manipulado que apunte al dominio afectado. Dado que el dominio parece leg\u00edtimo, las v\u00edctimas pueden ser enga\u00f1adas para que conf\u00eden en la p\u00e1gina redirigida, lo que puede provocar el robo de credenciales, la distribuci\u00f3n de malware u otros ataques de phishing. Este problema se ha corregido en la versi\u00f3n 9.4.1."
    }
  ],
  "id": "CVE-2025-55207",
  "lastModified": "2025-08-18T20:16:28.750",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-15T16:15:30.133",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/withastro/astro/commit/5fc3c599cacb0172cc7d8e1202a5f2e8685d7ef2"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/withastro/astro/security/advisories/GHSA-9x9c-ghc5-jhw9"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-55207 (GCVE-0-2025-55207)

GHSA-9X9C-GHC5-JHW9

Summary

Details

Proof of Concept

Example reproduction

Impact

FKIE_CVE-2025-55207

Tags

Sightings

Nomenclature