5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-65019

CVE-2025-65019: Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint

Summary

When using Astro's Cloudflare adapter (@astrojs/cloudflare) with output: 'server', the image optimization endpoint (/_image) contains a critical vulnerability in the isRemoteAllowed() function that unconditionally allows data: protocol URLs. This enables Cross-Site Scripting (XSS) attacks through malicious SVG payloads, bypassing domain restrictions and Content Security Policy protections.

Details

On-demand rendered sites built with Astro include an /_image endpoint for image optimization. While this endpoint is designed to restrict processing to local images and authorized remote domains (configured via image.domains or image.remotePatterns), a critical vulnerability exists in the underlying validation logic.

The isRemoteAllowed() function in packages/internal-helpers/src/remote.ts (lines 128-131) unconditionally allows ALL data: protocol URLs without any validation or sanitization. When combined with SVG images containing JavaScript, this creates a vector for XSS attacks.

Vulnerable Code:

/packages/ packages/internal-helpers/src/remote.ts lines 128-131
if (url.protocol === 'data:') {
    return true;  // ← Unconditionally allows ALL data: URLs!
}

The vulnerability manifests differently depending on the image endpoint implementation:

Safe implementation: Server processes SVG and converts to raster format (PNG/JPEG), removing JavaScript
Vulnerable implementation: Server redirects browser to raw SVG data URL, allowing JavaScript execution

PoC

Create a new minimal Astro project (astro@latest)
Configure it to use the Cloudflare adapter (@astrojs/cloudflare@12.6.10)
Deploy to Cloudflare Pages or Workers.
Write page to load SVG Image like : SVG XSS Payload
Open directly the SVG file to show an alert (in read scenarios, the apps that use the framework will use CDN for example, to load SVG, depending that the framework is secure)

Impact

Stored XSS: Malicious URLs can be crafted to execute JavaScript in victim's browser
Session Hijacking: JavaScript can access cookies and session tokens
Account Takeover: Combined with CSRF, can perform unauthorized actions
Data Exfiltration: Sensitive information can be stolen and sent to attacker-controlled servers

References

Vulnerable Function: packages/internal-helpers/src/remote.ts lines 128-131
Similar Vulnerability:: https://dailycve.com/wordpress-stored-xss-via-svg-upload-cve-2025-2575-medium/

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-65019

CVE-2025-65019:

5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
astro	npm	< 5.15.9	5.15.9

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists in the isRemoteAllowed function located in packages/internal-helpers/src/remote.ts. The analysis of the security patch in commit 9e9c528191b6f5e06db9daf6ad26b8f68016e533 reveals the root cause. The original code contained a specific block that explicitly and unconditionally allowed any URL using the data: protocol by returning true without further validation. This flaw could be exploited by crafting a data: URL that points to a malicious SVG file containing embedded JavaScript. When Astro's image optimization endpoint (/_image) was used, it would process this URL, leading to the execution of the malicious script in the user's browser. The patch rectifies this by removing the unconditional allowance for data: URLs and instead treats them like other protocols, subjecting them to the same security pattern checks. Therefore, the isRemoteAllowed function is the direct source of the vulnerability.

Vulnerable functions

isRemoteAllowed

packages/internal-helpers/src/remote.ts

The function `isRemoteAllowed` unconditionally returned true for any URL with a `data:` protocol. This allowed an attacker to provide a `data:` URL containing a malicious SVG with embedded JavaScript. When the `/_image` endpoint processed this URL, it would cause the browser to render the SVG and execute the script, leading to a Cross-Site Scripting (XSS) vulnerability.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-65019: Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint

Summary

Details

PoC

Impact

References

CVE-2025-65019:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-65019: Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint

Summary

Details

PoC

Impact

References

Basic Information

Basic Information

5.4

5.4

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI