PT-2025-47487 · Node.js+1
Published: 2025-11-19 · Updated: 2025-11-19
CVE-2025-64757
CVSS v3.1: 3.5 (Low)
Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Astro versions prior to 5.14.3
Description
Astro’s development server has a flaw that allows unauthorized access to local image files. This affects Astro development environments and enables remote attackers to read any image file accessible to the Node.js process on the host system. The issue is related to the image optimization endpoint. The Node.js process is used to serve images.
Recommendations
Update to version 5.14.3 or later.
Exploit
Fix
Path traversal
Relative Path Traversal
Related Identifiers
Affected Products
Astro
Node.js