Florian-Lefebvre

#39583 of 53,633
6.9 Total CVSS
Vulnerabilities · 1
PT-2025-33494
6.9
2025-08-15
Astro · Astro · CVE-2025-55207
Name of the Vulnerable Software and Affected Versions: Astro versions prior to 9.4.1

Description: Astro is a web framework for content-driven websites. An open redirect vulnerability exists in certain Astro deployment scenarios. Specifically, when using the Node deployment adapter in standalone mode with `trailingSlash` set to `"always"` in the Astro configuration, a crafted URL can redirect users to an external origin. This can lead to potential credential theft, malware distribution, or phishing attacks, as victims may trust the redirected page due to the legitimate-appearing domain. The vulnerability affects any user who clicks on a specially crafted link.

Recommendations: Update to Astro version 9.4.1 or later.