CVE-2025-61925 | withastro up to 5.14.1 Header X-Forwarded-Host externally-controlled input to select classes or code (GHSA-5ff5-9fcw-vg88)
A vulnerability classified as critical was found in withastro astro up to 5.14.1. It affects an unknown part of the component Header Handler. Manipulating the X-Forwarded-Host header results in the use of externally-controlled input to select classes or code.
This vulnerability is tracked as CVE-2025-61925. The attack can be launched remotely. No exploit is available.
Upgrading the affected component is advised.