Description

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.

INFO

Published Date :

2025-12-01T22:39:32.468Z

Last Modified :

2025-12-02T14:13:45.644Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66415 vulnerability.

Vendors Products
Fastify
  • Reply-from
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66415.

URL Resource
https://github.com/fastify/fastify-reply-from/commit/4d9795cd5b57a36756d37b7f036eae369f69fa66 cve-icon cve-icon cve-icon
https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-2q7r-29rg-6m5h cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-66415 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-66415 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact