CVE-2025-66415 | fastify fastify-reply-from up to 12.4.x URL confused deputy (GHSA-2q7r-29rg-6m5h)

A vulnerability described as critical has been identified in fastify fastify-reply-from up to 12.4.x. Affected by this vulnerability is an unknown functionality of the component URL Handler. Executing manipulation can lead to unintended intermediary.

This vulnerability is tracked as CVE-2025-66415. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More