{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T02:33:33.364","vulnerabilities":[{"cve":{"id":"CVE-2025-54793","sourceIdentifier":"security-advisories@github.com","published":"2025-08-08T01:15:24.950","lastModified":"2025-11-25T15:14:31.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs such as https://mydomain.com//malicious-site.com/. This increases the risk of phishing and other social engineering attacks. This affects sites that use on-demand rendering (SSR) with the Node or Cloudflare adapters. It does not affect static sites, or sites deployed to Netlify or Vercel. This issue is fixed in version 5.12.8. To work around this issue at the network level, block outgoing redirect responses with a Location header value that starts with `//`."},{"lang":"es","value":"Astro es un framework web para sitios web basados en contenido. En las versiones 5.2.0 a 5.12.7, existe una vulnerabilidad de redirección abierta en la lógica de redirección de barras diagonales finales al gestionar rutas con barras diagonales dobles. Esto permite a un atacante redirigir a los usuarios a dominios externos arbitrarios mediante la manipulación de URL como https://mydomain.com//malicious-site.com/. Esto aumenta el riesgo de phishing y otros ataques de ingeniería social. Afecta a sitios que utilizan renderizado bajo demanda (SSR) con los adaptadores Node o Cloudflare. No afecta a sitios estáticos ni a sitios implementados en Netlify o Vercel. Este problema se solucionó en la versión 5.12.8. Para solucionar este problema a nivel de red, bloquee las respuestas de redirección salientes con un valor de encabezado de ubicación que comience por `//`."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:astro:astro:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.2.0","versionEndExcluding":"5.12.7","matchCriteriaId":"9D7791B2-1975-4AE6-AFFC-E1074A2CEF28"}]}]}],"references":[{"url":"https://github.com/withastro/astro/commit/0567fb7b50c0c452be387dd7c7264b96bedab48f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}