CVE-2025-58179
HIGH EXPLOITED NUCLEI@astrojs/cloudflare 11.0.3-12.6.5 - Server-Side Request Forgery via Image Optimization Endpoint
Title source: llmExploitation Summary
CVE-2025-58179 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including shitodcy. A Nuclei detection template is also available.
AI-analyzed exploit summary This repository contains a Python script designed to verify the presence of CVE-2025-58179, an SSRF vulnerability in Astro framework's `/_image` endpoint. The script generates a PoC URL and optionally sends an HTTP request to check for vulnerability indicators.
Description
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served. a A bug in impacted versions of the @astrojs/cloudflare adapter for deployment on Cloudflare’s infrastructure, allows an attacker to bypass the third-party domain restrictions and serve any content from the vulnerable origin. This issue is fixed in version 12.6.6.
Exploits (1)
This repository contains a Python script designed to verify the presence of CVE-2025-58179, an SSRF vulnerability in Astro framework's `/_image` endpoint. The script generates a PoC URL and optionally sends an HTTP request to check for vulnerability indicators.
Nuclei Templates (1)
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N