Количество 2
Количество 2
CVE-2025-66202
Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8, the fix is insufficient as it only decodes once. By using double-encoded URLs, attackers can still bypass authentication and access any route protected by middleware pathname checks. This issue is fixed in version 5.15.8.
GHSA-whqg-ppgf-wp8c
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-66202 Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8, the fix is insufficient as it only decodes once. By using double-encoded URLs, attackers can still bypass authentication and access any route protected by middleware pathname checks. This issue is fixed in version 5.15.8. | CVSS3: 6.5 | 0% Низкий | 2 месяца назад |
| GHSA-whqg-ppgf-wp8c Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 | CVSS3: 6.5 | 0% Низкий | 2 месяца назад |
Уязвимостей на страницу