CVE-2025-64765 | withastro up to 5.15.7 decodeURI path traversal

November 19, 2025 Yanac

A vulnerability identified as critical has been detected in withastro astro up to 5.15.7. Affected by this issue is the function decodeURI. This manipulation causes path traversal.

This vulnerability is handled as CVE-2025-64765. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More

CVE-2025-64757 | withastro up to 5.14.2 Image Optimization Endpoint path traversal
CVE-2025-12743 | Google Looker up to 25.13 schemas sql injection (gcp-2025-052)