CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-66415

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.3%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2025-66415

Fastify » Reply-From » Version: N/A

cpe:2.3:a:fastify:reply-from:-
Fastify » Reply-From » Version: 0.1.0

cpe:2.3:a:fastify:reply-from:0.1.0
Fastify » Reply-From » Version: 0.2.0

cpe:2.3:a:fastify:reply-from:0.2.0
Fastify » Reply-From » Version: 0.3.0

cpe:2.3:a:fastify:reply-from:0.3.0
Fastify » Reply-From » Version: 0.4.0

cpe:2.3:a:fastify:reply-from:0.4.0
Fastify » Reply-From » Version: 0.4.1

cpe:2.3:a:fastify:reply-from:0.4.1
Fastify » Reply-From » Version: 0.4.3

cpe:2.3:a:fastify:reply-from:0.4.3
Fastify » Reply-From » Version: 0.4.4

cpe:2.3:a:fastify:reply-from:0.4.4
Fastify » Reply-From » Version: 0.4.5

cpe:2.3:a:fastify:reply-from:0.4.5
Fastify » Reply-From » Version: 0.4.6

cpe:2.3:a:fastify:reply-from:0.4.6
Fastify » Reply-From » Version: 0.5.0

cpe:2.3:a:fastify:reply-from:0.5.0
Fastify » Reply-From » Version: 0.5.2

cpe:2.3:a:fastify:reply-from:0.5.2
Fastify » Reply-From » Version: 0.5.3

cpe:2.3:a:fastify:reply-from:0.5.3
Fastify » Reply-From » Version: 0.5.4

cpe:2.3:a:fastify:reply-from:0.5.4
Fastify » Reply-From » Version: 0.6.0

cpe:2.3:a:fastify:reply-from:0.6.0
Fastify » Reply-From » Version: 0.6.1

cpe:2.3:a:fastify:reply-from:0.6.1
Fastify » Reply-From » Version: 0.6.2

cpe:2.3:a:fastify:reply-from:0.6.2
Fastify » Reply-From » Version: 1.0.0

cpe:2.3:a:fastify:reply-from:1.0.0
Fastify » Reply-From » Version: 1.1.0

cpe:2.3:a:fastify:reply-from:1.1.0
Fastify » Reply-From » Version: 10.0.0

cpe:2.3:a:fastify:reply-from:10.0.0
Fastify » Reply-From » Version: 2.0.0

cpe:2.3:a:fastify:reply-from:2.0.0
Fastify » Reply-From » Version: 2.0.1

cpe:2.3:a:fastify:reply-from:2.0.1
Fastify » Reply-From » Version: 2.2.0

cpe:2.3:a:fastify:reply-from:2.2.0
Fastify » Reply-From » Version: 3.0.0

cpe:2.3:a:fastify:reply-from:3.0.0
Fastify » Reply-From » Version: 3.1.0

cpe:2.3:a:fastify:reply-from:3.1.0
Fastify » Reply-From » Version: 3.1.1

cpe:2.3:a:fastify:reply-from:3.1.1
Fastify » Reply-From » Version: 3.1.2

cpe:2.3:a:fastify:reply-from:3.1.2
Fastify » Reply-From » Version: 3.1.3

cpe:2.3:a:fastify:reply-from:3.1.3
Fastify » Reply-From » Version: 3.1.4

cpe:2.3:a:fastify:reply-from:3.1.4
Fastify » Reply-From » Version: 3.2.0

cpe:2.3:a:fastify:reply-from:3.2.0
Fastify » Reply-From » Version: 3.3.0

cpe:2.3:a:fastify:reply-from:3.3.0
Fastify » Reply-From » Version: 3.4.0

cpe:2.3:a:fastify:reply-from:3.4.0
Fastify » Reply-From » Version: 3.5.0

cpe:2.3:a:fastify:reply-from:3.5.0
Fastify » Reply-From » Version: 4.0.0

cpe:2.3:a:fastify:reply-from:4.0.0
Fastify » Reply-From » Version: 4.0.2

cpe:2.3:a:fastify:reply-from:4.0.2
Fastify » Reply-From » Version: 4.18.0

cpe:2.3:a:fastify:reply-from:4.18.0
Fastify » Reply-From » Version: 5.0.0

cpe:2.3:a:fastify:reply-from:5.0.0
Fastify » Reply-From » Version: 5.0.1

cpe:2.3:a:fastify:reply-from:5.0.1
Fastify » Reply-From » Version: 5.0.2

cpe:2.3:a:fastify:reply-from:5.0.2
Fastify » Reply-From » Version: 5.1.0

cpe:2.3:a:fastify:reply-from:5.1.0
Fastify » Reply-From » Version: 5.2.0

cpe:2.3:a:fastify:reply-from:5.2.0
Fastify » Reply-From » Version: 5.3.0

cpe:2.3:a:fastify:reply-from:5.3.0
Fastify » Reply-From » Version: 6.0.0

cpe:2.3:a:fastify:reply-from:6.0.0
Fastify » Reply-From » Version: 6.0.1

cpe:2.3:a:fastify:reply-from:6.0.1
Fastify » Reply-From » Version: 6.1.0

cpe:2.3:a:fastify:reply-from:6.1.0
Fastify » Reply-From » Version: 6.2.0

cpe:2.3:a:fastify:reply-from:6.2.0
Fastify » Reply-From » Version: 6.3.0

cpe:2.3:a:fastify:reply-from:6.3.0
Fastify » Reply-From » Version: 6.4.0

cpe:2.3:a:fastify:reply-from:6.4.0
Fastify » Reply-From » Version: 6.4.1

cpe:2.3:a:fastify:reply-from:6.4.1
Fastify » Reply-From » Version: 6.4.2

cpe:2.3:a:fastify:reply-from:6.4.2
Fastify » Reply-From » Version: 6.4.3

cpe:2.3:a:fastify:reply-from:6.4.3
Fastify » Reply-From » Version: 6.5.0

cpe:2.3:a:fastify:reply-from:6.5.0
Fastify » Reply-From » Version: 6.6.0

cpe:2.3:a:fastify:reply-from:6.6.0
Fastify » Reply-From » Version: 7.0.0

cpe:2.3:a:fastify:reply-from:7.0.0
Fastify » Reply-From » Version: 7.0.1

cpe:2.3:a:fastify:reply-from:7.0.1
Fastify » Reply-From » Version: 8.0.0

cpe:2.3:a:fastify:reply-from:8.0.0
Fastify » Reply-From » Version: 8.1.0

cpe:2.3:a:fastify:reply-from:8.1.0
Fastify » Reply-From » Version: 8.2.0

cpe:2.3:a:fastify:reply-from:8.2.0
Fastify » Reply-From » Version: 8.2.1

cpe:2.3:a:fastify:reply-from:8.2.1
Fastify » Reply-From » Version: 8.3.0

cpe:2.3:a:fastify:reply-from:8.3.0
Fastify » Reply-From » Version: 8.3.1

cpe:2.3:a:fastify:reply-from:8.3.1
Fastify » Reply-From » Version: 8.4.0

cpe:2.3:a:fastify:reply-from:8.4.0
Fastify » Reply-From » Version: 8.4.1

cpe:2.3:a:fastify:reply-from:8.4.1
Fastify » Reply-From » Version: 8.4.2

cpe:2.3:a:fastify:reply-from:8.4.2
Fastify » Reply-From » Version: 8.4.3

cpe:2.3:a:fastify:reply-from:8.4.3
Fastify » Reply-From » Version: 9.0.0

cpe:2.3:a:fastify:reply-from:9.0.0
Fastify » Reply-From » Version: 9.0.1

cpe:2.3:a:fastify:reply-from:9.0.1
Fastify » Reply-From » Version: 9.0.2

cpe:2.3:a:fastify:reply-from:9.0.2
Fastify » Reply-From » Version: 9.1.0

cpe:2.3:a:fastify:reply-from:9.1.0
Fastify » Reply-From » Version: 9.2.0

cpe:2.3:a:fastify:reply-from:9.2.0
Fastify » Reply-From » Version: 9.3.0

cpe:2.3:a:fastify:reply-from:9.3.0
Fastify » Reply-From » Version: 9.4.0

cpe:2.3:a:fastify:reply-from:9.4.0
Fastify » Reply-From » Version: 9.5.0

cpe:2.3:a:fastify:reply-from:9.5.0
Fastify » Reply-From » Version: 9.6.0

cpe:2.3:a:fastify:reply-from:9.6.0
Fastify » Reply-From » Version: 9.7.0

cpe:2.3:a:fastify:reply-from:9.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-66415

Products

Pricing

Contact Us