CVE-2025-64525 | withastro up to 5.15.4 Request Header x-forwarded-proto/x-forwarded-port server-side request forgery (GHSA-hr2q-hp5q-x767 / EUVD-2025-175298)

A vulnerability has been found in withastro astro up to 5.15.4 and classified as critical. Affected by this issue is some unknown functionality of the component Request Header Handler. This manipulation of the argument x-forwarded-proto/x-forwarded-port causes server-side request forgery.

This vulnerability is tracked as CVE-2025-64525. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More