GHSA-QPR4-C339-7VQ8
Vulnerability from github – Published: 2025-09-04 19:24 – Updated: 2025-09-05 16:10Summary
When using Astro's Cloudflare adapter (@astrojs/cloudflare) configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served.
Details
On-demand rendered sites built with Astro include an /_image endpoint, which returns optimized versions of images.
The /_image endpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using the image.domains or image.remotePatterns options).
However, a bug in impacted versions of the @astrojs/cloudflare adapter for deployment on Cloudflare’s infrastructure, allows an attacker to bypass the third-party domain restrictions and serve any content from the vulnerable origin.
PoC
-
Create a new minimal Astro project (
astro@5.13.3) -
Configure it to use the Cloudflare adapter (
@astrojs/cloudflare@12.6.5) and server output:
```js // astro.config.mjs import { defineConfig } from 'astro/config'; import cloudflare from '@astrojs/cloudflare';
export default defineConfig({ output: 'server', adapter: cloudflare(), }); ```
-
Deploy to Cloudflare Pages or Workers
-
Append
/_image?href=https://placehold.co/600x400to the deployment URL. -
This will serve the placeholder image from the unauthorised
placehold.codomain.
Impact
Allows a non-authorized third-party to create URLs on an impacted site’s origin that serve unauthorized content. This includes the risk of server-side request forgery (SSRF) and by extension cross-site scripting (XSS) if a user follows a link to a maliciously crafted URL.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@astrojs/cloudflare"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.3"
},
{
"fixed": "12.6.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-58179"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-04T19:24:11Z",
"nvd_published_at": "2025-09-05T00:15:32Z",
"severity": "HIGH"
},
"details": "### Summary\n\nWhen using Astro\u0027s Cloudflare adapter (`@astrojs/cloudflare`) configured with `output: \u0027server\u0027` while using the default `imageService: \u0027compile\u0027`, the generated image optimization endpoint doesn\u0027t check the URLs it receives, allowing content from unauthorized third-party domains to be served.\n\n### Details\n\nOn-demand rendered sites built with Astro include an `/_image` endpoint, which returns optimized versions of images.\n\nThe `/_image` endpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using the [`image.domains`](https://docs.astro.build/en/reference/configuration-reference/#imagedomains) or [`image.remotePatterns`](https://docs.astro.build/en/reference/configuration-reference/#imageremotepatterns) options).\n\nHowever, a bug in impacted versions of the `@astrojs/cloudflare` adapter for deployment on Cloudflare\u2019s infrastructure, allows an attacker to bypass the third-party domain restrictions and serve any content from the vulnerable origin.\n\n### PoC\n\n1. Create a new minimal Astro project (`astro@5.13.3`)\n\n2. Configure it to use the Cloudflare adapter (`@astrojs/cloudflare@12.6.5`) and server output:\n\n ```js\n // astro.config.mjs\n import { defineConfig } from \u0027astro/config\u0027;\n import cloudflare from \u0027@astrojs/cloudflare\u0027;\n\n export default defineConfig({\n output: \u0027server\u0027,\n adapter: cloudflare(),\n });\n ```\n\n3. Deploy to Cloudflare Pages or Workers\n\n4. Append `/_image?href=https://placehold.co/600x400` to the deployment URL.\n\n7. This will serve the placeholder image from the unauthorised `placehold.co` domain.\n\n### Impact\n\nAllows a non-authorized third-party to create URLs on an impacted site\u2019s origin that serve unauthorized content. This includes the risk of server-side request forgery (SSRF) and by extension cross-site scripting (XSS) if a user follows a link to a maliciously crafted URL.",
"id": "GHSA-qpr4-c339-7vq8",
"modified": "2025-09-05T16:10:42Z",
"published": "2025-09-04T19:24:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/withastro/astro/security/advisories/GHSA-qpr4-c339-7vq8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58179"
},
{
"type": "WEB",
"url": "https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252"
},
{
"type": "PACKAGE",
"url": "https://github.com/withastro/astro"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.