CVE-2025-59837

Name of the Vulnerable Software and Affected Versions Astro versions 5.13.4 through 5.13.9

Description Astro’s image proxy has a domain validation bypass issue. Using backslashes in the href parameter can circumvent the validation, enabling server-side requests to arbitrary URLs. This can result in server-side request forgery (SSRF) and potentially cross-site scripting (XSS). This issue is related to an incomplete fix for a previously identified problem.

Recommendations Update to Astro version 5.13.10 or later.