CVE-2025-64745

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-64745
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64745.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-64745
Aliases
Published
2025-11-13T20:26:13.261Z
Modified
2025-12-05T10:21:51.814871Z
Severity
  • 2.7 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Summary
Astro development server error page vulnerable to reflected Cross-site Scripting
Details

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this vulnerability only affects the development server and not production builds, it could be exploited to compromise developer environments through social engineering or malicious links. Version 5.15.6 fixes the issue.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64745.json"
}
References

Affected packages

Git / github.com/withastro/astro

Affected ranges

Type
GIT
Repo
https://github.com/withastro/astro
Events

Affected versions

@astrojs/alpinejs@0.*

@astrojs/alpinejs@0.4.4
@astrojs/alpinejs@0.4.5
@astrojs/alpinejs@0.4.6
@astrojs/alpinejs@0.4.7
@astrojs/alpinejs@0.4.8
@astrojs/alpinejs@0.4.9

@astrojs/cloudflare@12.*

@astrojs/cloudflare@12.2.2
@astrojs/cloudflare@12.2.3
@astrojs/cloudflare@12.2.4
@astrojs/cloudflare@12.3.0
@astrojs/cloudflare@12.3.1
@astrojs/cloudflare@12.4.0
@astrojs/cloudflare@12.4.1
@astrojs/cloudflare@12.5.0
@astrojs/cloudflare@12.5.1
@astrojs/cloudflare@12.5.2
@astrojs/cloudflare@12.5.3
@astrojs/cloudflare@12.5.4
@astrojs/cloudflare@12.5.5
@astrojs/cloudflare@12.6.0
@astrojs/cloudflare@12.6.1
@astrojs/cloudflare@12.6.10
@astrojs/cloudflare@12.6.2
@astrojs/cloudflare@12.6.3
@astrojs/cloudflare@12.6.4
@astrojs/cloudflare@12.6.5
@astrojs/cloudflare@12.6.6
@astrojs/cloudflare@12.6.7
@astrojs/cloudflare@12.6.8
@astrojs/cloudflare@12.6.9

@astrojs/db@0.*

@astrojs/db@0.14.10
@astrojs/db@0.14.11
@astrojs/db@0.14.12
@astrojs/db@0.14.13
@astrojs/db@0.14.14
@astrojs/db@0.14.7
@astrojs/db@0.14.8
@astrojs/db@0.14.9
@astrojs/db@0.15.0
@astrojs/db@0.15.1
@astrojs/db@0.16.0
@astrojs/db@0.16.1
@astrojs/db@0.17.0
@astrojs/db@0.17.1
@astrojs/db@0.17.2
@astrojs/db@0.18.0
@astrojs/db@0.18.1
@astrojs/db@0.18.2

@astrojs/internal-helpers@0.*

@astrojs/internal-helpers@0.5.0
@astrojs/internal-helpers@0.5.1
@astrojs/internal-helpers@0.6.0
@astrojs/internal-helpers@0.6.1
@astrojs/internal-helpers@0.7.0
@astrojs/internal-helpers@0.7.1
@astrojs/internal-helpers@0.7.2
@astrojs/internal-helpers@0.7.3
@astrojs/internal-helpers@0.7.4

@astrojs/language-server@2.*

@astrojs/language-server@2.16.0

@astrojs/markdoc@0.*

@astrojs/markdoc@0.12.10
@astrojs/markdoc@0.12.11
@astrojs/markdoc@0.12.8
@astrojs/markdoc@0.12.9
@astrojs/markdoc@0.13.0
@astrojs/markdoc@0.13.2
@astrojs/markdoc@0.13.3
@astrojs/markdoc@0.13.4
@astrojs/markdoc@0.14.0
@astrojs/markdoc@0.14.1
@astrojs/markdoc@0.14.2
@astrojs/markdoc@0.15.0
@astrojs/markdoc@0.15.1
@astrojs/markdoc@0.15.2
@astrojs/markdoc@0.15.3
@astrojs/markdoc@0.15.4
@astrojs/markdoc@0.15.5
@astrojs/markdoc@0.15.6
@astrojs/markdoc@0.15.7
@astrojs/markdoc@0.15.8

@astrojs/markdown-remark@6.*

@astrojs/markdown-remark@6.1.0
@astrojs/markdown-remark@6.2.0
@astrojs/markdown-remark@6.2.1
@astrojs/markdown-remark@6.3.0
@astrojs/markdown-remark@6.3.2
@astrojs/markdown-remark@6.3.3
@astrojs/markdown-remark@6.3.4
@astrojs/markdown-remark@6.3.5
@astrojs/markdown-remark@6.3.6
@astrojs/markdown-remark@6.3.7
@astrojs/markdown-remark@6.3.8

@astrojs/mdx@4.*

@astrojs/mdx@4.0.8
@astrojs/mdx@4.1.0
@astrojs/mdx@4.1.1
@astrojs/mdx@4.2.0
@astrojs/mdx@4.2.2
@astrojs/mdx@4.2.3
@astrojs/mdx@4.2.4
@astrojs/mdx@4.2.5
@astrojs/mdx@4.2.6
@astrojs/mdx@4.3.0
@astrojs/mdx@4.3.1
@astrojs/mdx@4.3.10
@astrojs/mdx@4.3.2
@astrojs/mdx@4.3.3
@astrojs/mdx@4.3.4
@astrojs/mdx@4.3.5
@astrojs/mdx@4.3.6
@astrojs/mdx@4.3.7
@astrojs/mdx@4.3.9

@astrojs/netlify@6.*

@astrojs/netlify@6.2.0
@astrojs/netlify@6.2.1
@astrojs/netlify@6.2.2
@astrojs/netlify@6.2.3
@astrojs/netlify@6.2.4
@astrojs/netlify@6.2.5
@astrojs/netlify@6.2.6
@astrojs/netlify@6.3.0
@astrojs/netlify@6.3.1
@astrojs/netlify@6.3.2
@astrojs/netlify@6.3.3
@astrojs/netlify@6.3.4
@astrojs/netlify@6.4.0
@astrojs/netlify@6.4.1
@astrojs/netlify@6.5.0
@astrojs/netlify@6.5.1
@astrojs/netlify@6.5.10
@astrojs/netlify@6.5.11
@astrojs/netlify@6.5.12
@astrojs/netlify@6.5.13
@astrojs/netlify@6.5.2
@astrojs/netlify@6.5.3
@astrojs/netlify@6.5.4
@astrojs/netlify@6.5.5
@astrojs/netlify@6.5.6
@astrojs/netlify@6.5.7
@astrojs/netlify@6.5.8
@astrojs/netlify@6.5.9
@astrojs/netlify@6.6.0

@astrojs/node@9.*

@astrojs/node@9.0.3
@astrojs/node@9.1.0
@astrojs/node@9.1.1
@astrojs/node@9.1.2
@astrojs/node@9.1.3
@astrojs/node@9.2.0
@astrojs/node@9.2.1
@astrojs/node@9.2.2
@astrojs/node@9.3.0
@astrojs/node@9.3.1
@astrojs/node@9.3.2
@astrojs/node@9.3.3
@astrojs/node@9.4.0
@astrojs/node@9.4.1
@astrojs/node@9.4.2
@astrojs/node@9.4.3
@astrojs/node@9.4.4
@astrojs/node@9.4.5
@astrojs/node@9.4.6
@astrojs/node@9.5.0

@astrojs/partytown@2.*

@astrojs/partytown@2.1.4

@astrojs/preact@4.*

@astrojs/preact@4.0.10
@astrojs/preact@4.0.11
@astrojs/preact@4.0.4
@astrojs/preact@4.0.5
@astrojs/preact@4.0.6
@astrojs/preact@4.0.7
@astrojs/preact@4.0.8
@astrojs/preact@4.0.9
@astrojs/preact@4.1.0
@astrojs/preact@4.1.1
@astrojs/preact@4.1.2
@astrojs/preact@4.1.3

@astrojs/prism@3.*

@astrojs/prism@3.3.0

@astrojs/react@4.*

@astrojs/react@4.2.1
@astrojs/react@4.2.2
@astrojs/react@4.2.3
@astrojs/react@4.2.4
@astrojs/react@4.2.5
@astrojs/react@4.2.6
@astrojs/react@4.2.7
@astrojs/react@4.3.0
@astrojs/react@4.3.1
@astrojs/react@4.4.0
@astrojs/react@4.4.1
@astrojs/react@4.4.2

@astrojs/rss@4.*

@astrojs/rss@4.0.12
@astrojs/rss@4.0.13

@astrojs/sitemap@3.*

@astrojs/sitemap@3.3.1
@astrojs/sitemap@3.4.0
@astrojs/sitemap@3.4.1
@astrojs/sitemap@3.4.2
@astrojs/sitemap@3.5.0
@astrojs/sitemap@3.5.1
@astrojs/sitemap@3.6.0

@astrojs/solid-js@5.*

@astrojs/solid-js@5.0.10
@astrojs/solid-js@5.0.5
@astrojs/solid-js@5.0.6
@astrojs/solid-js@5.0.7
@astrojs/solid-js@5.0.8
@astrojs/solid-js@5.0.9
@astrojs/solid-js@5.1.0
@astrojs/solid-js@5.1.1
@astrojs/solid-js@5.1.2
@astrojs/solid-js@5.1.3

@astrojs/studio@0.*

@astrojs/studio@0.1.5
@astrojs/studio@0.1.6
@astrojs/studio@0.1.7
@astrojs/studio@0.1.8
@astrojs/studio@0.1.9

@astrojs/svelte@7.*

@astrojs/svelte@7.0.10
@astrojs/svelte@7.0.11
@astrojs/svelte@7.0.12
@astrojs/svelte@7.0.13
@astrojs/svelte@7.0.5
@astrojs/svelte@7.0.6
@astrojs/svelte@7.0.7
@astrojs/svelte@7.0.8
@astrojs/svelte@7.0.9
@astrojs/svelte@7.1.0
@astrojs/svelte@7.1.1
@astrojs/svelte@7.2.0
@astrojs/svelte@7.2.1
@astrojs/svelte@7.2.2

@astrojs/tailwind@6.*

@astrojs/tailwind@6.0.0
@astrojs/tailwind@6.0.1
@astrojs/tailwind@6.0.2

@astrojs/telemetry@3.*

@astrojs/telemetry@3.2.1
@astrojs/telemetry@3.3.0

@astrojs/underscore-redirects@0.*

@astrojs/underscore-redirects@0.6.1

@astrojs/underscore-redirects@1.*

@astrojs/underscore-redirects@1.0.0

@astrojs/upgrade@0.*

@astrojs/upgrade@0.5.0
@astrojs/upgrade@0.5.1
@astrojs/upgrade@0.5.2
@astrojs/upgrade@0.6.0
@astrojs/upgrade@0.6.1
@astrojs/upgrade@0.6.2

@astrojs/vercel@8.*

@astrojs/vercel@8.0.7
@astrojs/vercel@8.0.8
@astrojs/vercel@8.1.0
@astrojs/vercel@8.1.1
@astrojs/vercel@8.1.2
@astrojs/vercel@8.1.3
@astrojs/vercel@8.1.4
@astrojs/vercel@8.1.5
@astrojs/vercel@8.2.0
@astrojs/vercel@8.2.1
@astrojs/vercel@8.2.10
@astrojs/vercel@8.2.11
@astrojs/vercel@8.2.2
@astrojs/vercel@8.2.3
@astrojs/vercel@8.2.4
@astrojs/vercel@8.2.5
@astrojs/vercel@8.2.6
@astrojs/vercel@8.2.7
@astrojs/vercel@8.2.8
@astrojs/vercel@8.2.9

@astrojs/vue@5.*

@astrojs/vue@5.0.10
@astrojs/vue@5.0.11
@astrojs/vue@5.0.12
@astrojs/vue@5.0.13
@astrojs/vue@5.0.7
@astrojs/vue@5.0.8
@astrojs/vue@5.0.9
@astrojs/vue@5.1.0
@astrojs/vue@5.1.1
@astrojs/vue@5.1.2
@astrojs/vue@5.1.3

@astrojs/web-vitals@3.*

@astrojs/web-vitals@3.0.2

@astrojs/web-vitals@4.*

@astrojs/web-vitals@4.0.0

astro-vscode@2.*

astro-vscode@2.16.0

astro@5.*

astro@5.10.0
astro@5.10.1
astro@5.10.2
astro@5.11.0
astro@5.11.1
astro@5.11.2
astro@5.12.0
astro@5.12.1
astro@5.12.2
astro@5.12.3
astro@5.12.4
astro@5.12.5
astro@5.12.6
astro@5.12.7
astro@5.12.8
astro@5.12.9
astro@5.13.0
astro@5.13.1
astro@5.13.10
astro@5.13.11
astro@5.13.2
astro@5.13.3
astro@5.13.4
astro@5.13.5
astro@5.13.6
astro@5.13.7
astro@5.13.8
astro@5.13.9
astro@5.14.0
astro@5.14.1
astro@5.14.3
astro@5.14.4
astro@5.14.5
astro@5.14.6
astro@5.14.7
astro@5.14.8
astro@5.15.0
astro@5.15.1
astro@5.15.2
astro@5.15.3
astro@5.15.4
astro@5.15.5
astro@5.2.0
astro@5.2.1
astro@5.2.2
astro@5.2.3
astro@5.2.4
astro@5.2.5
astro@5.2.6
astro@5.3.0
astro@5.3.1
astro@5.4.0
astro@5.4.1
astro@5.4.2
astro@5.4.3
astro@5.5.0
astro@5.5.1
astro@5.5.2
astro@5.5.3
astro@5.5.4
astro@5.5.5
astro@5.5.6
astro@5.6.0
astro@5.6.1
astro@5.6.2
astro@5.7.0
astro@5.7.1
astro@5.7.10
astro@5.7.11
astro@5.7.12
astro@5.7.13
astro@5.7.14
astro@5.7.2
astro@5.7.3
astro@5.7.4
astro@5.7.5
astro@5.7.6
astro@5.7.7
astro@5.7.8
astro@5.7.9
astro@5.8.0
astro@5.8.1
astro@5.8.2
astro@5.9.0
astro@5.9.1
astro@5.9.2
astro@5.9.3
astro@5.9.4

create-astro@4.*

create-astro@4.11.1
create-astro@4.11.2
create-astro@4.11.3
create-astro@4.11.4
create-astro@4.12.0
create-astro@4.12.1
create-astro@4.13.0
create-astro@4.13.1
create-astro@4.13.2