Description

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served. a A bug in impacted versions of the @astrojs/cloudflare adapter for deployment on Cloudflare’s infrastructure, allows an attacker to bypass the third-party domain restrictions and serve any content from the vulnerable origin. This issue is fixed in version 12.6.6.

INFO

Published Date :

2025-09-04T23:36:44.393Z

Last Modified :

2025-09-05T14:53:29.299Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58179 vulnerability.

Vendors Products
Withastro
  • Astro
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58179.

URL Resource
https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252 cve-icon cve-icon
https://github.com/withastro/astro/security/advisories/GHSA-qpr4-c339-7vq8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact