{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T10:09:54.132","vulnerabilities":[{"cve":{"id":"CVE-2025-66202","sourceIdentifier":"security-advisories@github.com","published":"2025-12-09T00:15:48.977","lastModified":"2025-12-10T23:46:47.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8, the fix is insufficient as it only decodes once. By using double-encoded URLs, attackers can still bypass authentication and access any route protected by middleware pathname checks. This issue is fixed in version 5.15.8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-647"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:astro:astro:*:*:*:*:*:node.js:*:*","versionEndExcluding":"5.15.8","matchCriteriaId":"1015DFA8-9106-453C-9144-11E63ADA3B67"}]}]}],"references":[{"url":"https://github.com/withastro/astro/commit/6f800813516b07bbe12c666a92937525fddb58ce","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794","source":"security-advisories@github.com","tags":["Not Applicable"]},{"url":"https://github.com/withastro/astro/security/advisories/GHSA-whqg-ppgf-wp8c","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}