{
  "canonical_id": "astro--CVE-2025-55303",
  "system_id": "astro",
  "display_name": "Astro",
  "category": "frameworks",
  "advisory_mode": "core",
  "title": "Astro allows unauthorized third-party images in _image endpoint",
  "summary": "### Summary\n\nIn affected versions of `astro`, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served.\n\n### Details\n\nOn-demand rendered sites built with Astro include an `/_image` endpoint which returns optimized versions of images.\n\nThe `/_image` endpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using the [`image.domains`](https://docs.astro.build/en/reference/configuration-reference/#imagedomains) or [`image.remotePatterns`](https://docs.astro.build/en/reference/configuration-reference/#imageremotepatterns) options).\n\nHowever, a bug in impacted versions of `astro` allows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g. `/_image?href=//example.com/image.png`.\n\n### Proof of Concept\n\n1. Create a new minimal Astro project (`astro@5.13.0`).\n\n2. Configure it to use the Node adapter (`@astrojs/node@9.1.0` \u2014 newer versions are not impacted):\n\n   ```js\n   // astro.config.mjs\n   import { defineConfig } from 'astro/config';\n   import node from '@astrojs/node';\n\n   export default defineConfig({\n   \tadapter: node({ mode: 'standalone' }),\n   });\n   ```\n\n3. Build the site by running `astro build`.\n\n4. Run the server, e.g. with `astro preview`.\n\n5. Append `/_image?href=//placehold.co/600x400` to the preview URL, e.g. <http://localhost:4321/_image?href=//placehold.co/600x400>\n\n6. The site will serve the image from the unauthorized `placehold.co` origin.\n\n### Impact\n\nAllows a non-authorized third-party to create URLs on an impacted site\u2019s origin that serve unauthorized image content.\nIn the case of SVG images, this could include the risk of cross-site scripting (XSS) if a user followed a link to a maliciously crafted SVG.",
  "published_at": "2025-08-19T15:40:31Z",
  "updated_at": "2025-11-27T08:22:36.525875Z",
  "severity": "low",
  "cvss_score": 3.1,
  "exploit_status": "unknown",
  "source_confidence": "official",
  "official_source_url": "https://github.com/withastro/astro/security/advisories/GHSA-xf8x-j4p2-f749",
  "secondary_source_urls": [
    "https://nvd.nist.gov/vuln/detail/CVE-2025-55303",
    "https://github.com/withastro/astro/commit/4d16de7f95db5d1ec1ce88610d2a95e606e83820",
    "https://github.com/withastro/astro"
  ],
  "aliases": [
    "CVE-2025-55303",
    "GHSA-xf8x-j4p2-f749"
  ],
  "cve_ids": [
    "CVE-2025-55303"
  ],
  "ghsa_ids": [
    "GHSA-xf8x-j4p2-f749"
  ],
  "osv_ids": [
    "GHSA-xf8x-j4p2-f749"
  ],
  "affected_versions": [
    "introduced=5.0.0-alpha.0, fixed<5.13.2",
    "introduced=0, fixed<9.1.1",
    "introduced=0, fixed<4.16.19"
  ],
  "fixed_versions": [
    "5.13.2",
    "9.1.1",
    "4.16.19"
  ],
  "package_name": "astro",
  "render_markdown": true,
  "case_path": "07-framework-security/frameworks/astro/cases/astro-cve-2025-55303.md",
  "secure_code_topics": [
    "authz-server-side-recheck",
    "csp-trusted-types",
    "xss-output-encoding"
  ],
  "status": "generated",
  "triage_reasons": [],
  "verification_status": "triage-manual",
  "verification_mode": "synthetic",
  "last_verified_at": null,
  "last_run_id": null,
  "evidence_bundle": null,
  "historical_status": null,
  "latest_status": null,
  "browser_evidence": {
    "required": false,
    "present": false,
    "refs": []
  },
  "repro_profile_id": "xss-generic",
  "artifact_mode": "synthetic",
  "blocked_reason": null,
  "metadata": {
    "source_names": [
      "OSV Astro"
    ],
    "source_kinds": [
      "osv-batch"
    ],
    "candidate_count": 1
  }
}