CVE-2025-61925 (CNNVD-202510-1410)

MEDIUM
中文标题:
Astro 安全漏洞
英文标题:
Astro's `X-Forwarded-Host` is reflected with no validation
CVSS分数: 6.5
发布时间: 2025-10-10 19:34:05
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

Astro是Astro开源的一个内容驱动网站的 web 框架。 Astro 5.14.2之前版本存在安全漏洞,该漏洞源于未验证X-Forwarded-Host头,可能导致恶意重定向和凭证泄露。

英文描述:

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in `X-Forwarded-Host` in output when using `Astro.url` without any validation. It is common for web servers such as nginx to route requests via the `Host` header, and forward on other request headers. As such as malicious request can be sent with both a `Host` header and an `X-Forwarded-Host` header where the values do not match and the `X-Forwarded-Host` header is malicious. Astro will then return the malicious value. This could result in any usages of the `Astro.url` value in code being manipulated by a request. For example if a user follows guidance and uses `Astro.url` for a canonical link the canonical link can be manipulated to another site. It is theoretically possible that the value could also be used as a login/registration or other form URL as well, resulting in potential redirecting of login credentials to a malicious party. As this is a per-request attack vector the surface area would only be to the malicious user until one considers that having a caching proxy is a common setup, in which case any page which is cached could persist the malicious value for subsequent users. Many other frameworks have an allowlist of domains to validate against, or do not have a case where the headers are reflected to avoid such issues. This could affect anyone using Astro in an on-demand/dynamic rendering mode behind a caching proxy. Version 5.14.2 contains a fix for the issue.

CWE类型:
CWE-470
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
withastro astro < 5.14.2 - - cpe:2.3:a:withastro:astro:<_5.14.2:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
https://github.com/withastro/astro/security/advisories/GHSA-5ff5-9fcw-vg88 x_refsource_CONFIRM
cve.org
访问
https://github.com/Chisnet/minimal_dynamic_astro_server x_refsource_MISC
cve.org
访问
CVSS评分详情
3.1 (cna)
MEDIUM
6.5
CVSS向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
机密性
NONE
完整性
LOW
可用性
LOW
时间信息
发布时间:
2025-10-10 19:34:05
修改时间:
2025-10-10 20:01:06
创建时间:
2025-11-11 15:40:48
更新时间:
2025-11-11 16:00:16
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2025-61925 2025-11-11 15:23:33 2025-11-11 07:40:48
NVD nvd_CVE-2025-61925 2025-11-11 15:01:05 2025-11-11 07:48:35
CNNVD cnnvd_CNNVD-202510-1410 2025-11-11 15:12:28 2025-11-11 08:00:16
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 16:00:16
vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-202510-1410; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • cnnvd_id: 未提取 -> CNNVD-202510-1410
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:48:35
data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • data_sources: ['cve'] -> ['cve', 'nvd']