CVE-2025-64757

EUVD-2025-198185
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system. This issue has been patched in version 5.14.3.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 LOW
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
GitHub_MCNA
3.5 LOW
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Affected Products (NVD)
VendorProductVersion
astroastro
𝑥
< 5.14.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/withastro/astro/commit/b8ca69b97149becefaf89bf21853de9c905cdbb7
https://github.com/withastro/astro/security/advisories/GHSA-x3h8-62x9-952g