Cyber Resilience

CVE-2026-25545

Severity: Medium · Public PoC

Published: 24 February 2026

Modified: 25 February 2026
KEV Added: not listed
Patch: available
CVSS Score (v4): 6.9, vector CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0177 (75.2th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-25545 is a medium-severity SSRF (CWE-918) vulnerability in Astro (@astrojs/node). Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 24.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

Astro, a web framework for building sites, is affected by a server-side request forgery vulnerability in versions prior to 9.5.4. The flaw occurs in server-side rendered pages that use prerendered custom error pages such as 404.astro or 500.astro. When the Host header is supplied by an untrusted source, the framework fetches content from that header value while serving the error page, allowing an attacker to supply a redirect that reaches internal URLs and returns their response bodies to the original request.

An attacker who can reach the Astro application directly, for example by discovering its origin IP behind a proxy or when no Host validation is present, can exploit the issue by pointing the Host header at a server they control. That server issues a redirect to any internal IP address or localhost service, enabling the attacker to retrieve cloud-instance metadata, interact with internal network endpoints, or read responses that would otherwise be inaccessible. The attack requires no authentication and succeeds when the common custom-error-page feature is enabled.

The vulnerability is resolved in Astro 9.5.4. The project advisory and accompanying commit in the withastro/astro repository describe the SSRF vector and confirm that the patched release prevents the Host header from being used to fetch attacker-controlled redirects during error-page rendering. The associated EPSS scores remain low, with a current value of 0.0514 and a peak of 0.0611.

Vulnerability details

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. `404.astro` or `500.astro`) are vulnerable to SSRF. If the `Host:` header is changed to an attacker's server, it will be fetched on `/500.html` and they can redirect this to any internal URL to read the response body through the first request. An attacker who can access the application without `Host:` header validation (e.g. through finding the origin IP behind a proxy, or just by default) can fetch their own server to redirect to any internal IP. With this they can fetch cloud metadata IPs and interact with services in the internal network or localhost. For this to be vulnerable, a common feature needs to be used, with direct access to the server (no proxies). Version 9.5.4 fixes the issue.

CWE(s): CWE-918 (Server-Side Request Forgery)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1552.005 Cloud Instance Metadata API (Credential Access): Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.
Why these techniques?

SSRF in a public-facing Astro SSR app enables T1190 exploitation of web apps via Host header manipulation; it directly facilitates T1552.005 by allowing redirects to, and response retrieval from, cloud metadata endpoints.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2026-27829 (same product: Astro @astrojs/node)
- CVE-2026-29772 (same product: Astro @astrojs/node)
- CVE-2026-27729 (same product: Astro @astrojs/node)
- CVE-2026-33039 (shared CWE-918)
- CVE-2026-33351 (shared CWE-918)
- CVE-2025-54122 (shared CWE-918)
- CVE-2026-41905 (shared CWE-918)
- CVE-2025-50180 (shared CWE-918)
- CVE-2026-28423 (shared CWE-918)
- CVE-2026-42595 (shared CWE-918)

Affected Assets

astro (@astrojs/node), versions ≤ 9.5.4

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

- prevent: Timely remediation through patching to Astro version 9.5.4 directly eliminates the SSRF flaw in error page rendering triggered by Host header manipulation.
- prevent (SC-7 Boundary Protection): Boundary protection via reverse proxies or WAFs enforces Host header validation and prevents direct origin server access required for exploitation.
- prevent (SI-10 Information Input Validation): Input validation of the Host header prevents manipulation that causes the server to fetch attacker-controlled endpoints during error page rendering.
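As an added defensive example (not code from the Astro project or the advisory), the Host header allowlist check described in the last two controls, written as a plain Node request handler that gates the SSR handler. The allowed hostnames, the `ssrHandler` name and the `guardedHandler` wrapper are assumptions; in a real deployment the wrapper would sit in front of the handler exported by the @astrojs/node build.

```javascript
// Hostnames this deployment legitimately serves (constructed sample values).
const ALLOWED_HOSTS = new Set(["example.com", "www.example.com"]);

// Strict grammar for a Host header value: DNS labels or a bracketed IPv6
// literal, optionally followed by ":port". Userinfo ("@"), paths, spaces and
// multiple comma-separated values do not match and are rejected, not cleaned.
const HOST_RE =
  /^(?<name>[a-z0-9](?:[a-z0-9-]{0,62}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,62}[a-z0-9])?)*|\[[0-9a-f:.]+\])(?::(?<port>\d{1,5}))?$/;

// True only when the Host header names a host in the allowlist.
// Comparison is case-insensitive and ignores the port, but a name that merely
// starts with an allowed host (example.com.evil.test) does not match.
function isAllowedHost(raw, allowed = ALLOWED_HOSTS) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 255) return false;
  const m = HOST_RE.exec(raw.trim().toLowerCase());
  if (!m) return false;
  if (m.groups.port !== undefined && Number(m.groups.port) > 65535) return false;
  return allowed.has(m.groups.name);
}

// Reject the request before SSR runs, so the custom-error-page path never
// sees a foreign Host value. Returns whether the SSR handler was invoked.
// ssrHandler is hypothetical: pass the app's real (req, res) handler.
function guardedHandler(req, res, ssrHandler, allowed = ALLOWED_HOSTS) {
  if (!isAllowedHost(req.headers && req.headers.host, allowed)) {
    res.statusCode = 421; // Misdirected Request: we are not the named host
    res.setHeader("Content-Type", "text/plain");
    res.end("Misdirected Request\n");
    return false;
  }
  ssrHandler(req, res);
  return true;
}
```

Placing the check in front of the app (or in the reverse proxy) is what makes the "direct access to the server" precondition in the advisory unreachable.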
