Shodan
Vulnerabilities
Vulnerable Software
Astro:  >> Astro  >> 5.15.8  Security Vulnerabilities
CVE-2025-65019
Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter (@astrojs/cloudflare) with output: 'server', the image optimization endpoint (/_image) contains a critical vulnerability in the isRemoteAllowed() function that unconditionally allows data: protocol URLs. This enables Cross-Site Scripting (XSS) attacks through malicious SVG payloads, bypassing domain restrictions and Content Security Policy protections. This issue has been patched in version 5.15.9.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved