CVE-2025-55207
BaseFortify
Publication date: 2025-08-15
Last updated on: 2025-08-18
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| astro | astro | 9.4.1 |
| astro | astro | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Open Redirect issue in the Astro web framework prior to version 9.4.1. Specifically, when using the Node deployment adapter in standalone mode with the trailingSlash configuration set to "always", certain URLs on the affected domain redirect users to external, potentially malicious sites. Because the domain appears legitimate, users may be tricked into trusting the redirected page.
How can this vulnerability impact me?
If a user clicks on a specially crafted link exploiting this vulnerability, they may be redirected to malicious websites. This can lead to credential theft, malware distribution, or other phishing-related attacks, putting users and organizations at risk.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Astro to version 9.4.1 or later, as this version patches the Open Redirect vulnerability. Additionally, review your Astro configuration to avoid using the Node deployment adapter in standalone mode with trailingSlash set to "always" until the upgrade is applied.
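The review step above, as an added audit script that is not part of this advisory or of the Astro project: it flags a project that is below the fixed version 9.4.1 and whose config combines the Node adapter in standalone mode with trailingSlash set to "always". It assumes the config is a file such as astro.config.mjs containing the literal calls `node({ mode: 'standalone' })` and `trailingSlash: 'always'` (a text heuristic, not a parse), and that the installed version is a plain numeric x.y.z string.

```shell
#!/bin/sh
# Added example: defender-side check for the CVE-2025-55207 at-risk
# combination. Assumes the settings appear literally in the config file.

config_uses_risky_combo() {
  # $1 = path to the Astro config file.
  # Returns 0 (true) only when BOTH settings are present in the file.
  grep -Eq "trailingSlash:[[:space:]]*['\"]always['\"]" "$1" &&
  grep -Eq "mode:[[:space:]]*['\"]standalone['\"]" "$1"
}

version_lt() {
  # Returns 0 (true) when version $1 is strictly lower than $2.
  # Compares the three numeric x.y.z fields; pre-release tags are not handled.
  printf '%s\n%s\n' "$1" "$2" | awk -F. '
    NR == 1 { a1 = $1; a2 = $2; a3 = $3 }
    NR == 2 { exit !(a1 < $1 || (a1 == $1 && (a2 < $2 || (a2 == $2 && a3 < $3)))) }'
}

audit_astro_project() {
  # $1 = config path, $2 = installed version (e.g. read from package.json).
  # Prints one of: AFFECTED (vulnerable combination on an unfixed version),
  # UPGRADE (unfixed version, but the risky combination is absent),
  # OK (fixed version or later). Exit status mirrors the verdict.
  if version_lt "$2" "9.4.1"; then
    if config_uses_risky_combo "$1"; then
      echo "AFFECTED"
      return 2
    fi
    echo "UPGRADE"
    return 1
  fi
  echo "OK"
  return 0
}
```

Run it as `audit_astro_project astro.config.mjs "$(node -p "require('astro/package.json').version")"` from the project root; an AFFECTED verdict means apply the interim configuration change and schedule the upgrade.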