CVE-2025-55303
Astro allows unauthorized third-party images in _image endpoint
Description
### Summary

In affected versions of `astro`, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served.

### Details

On-demand rendered sites built with Astro include an `/_image` endpoint which returns optimized versions of images. The `/_image` endpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using the [`image.domains`](https://docs.astro.build/en/reference/configuration-reference/#imagedomains) or [`image.remotePatterns`](https://docs.astro.build/en/reference/configuration-reference/#imageremotepatterns) options). However, a bug in impacted versions of `astro` allows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g. `/_image?href=//example.com/image.png`. A protocol-relative URL begins with `//` rather than a scheme, so a check that recognises remote sources only by an explicit `http://` or `https://` prefix does not classify it as remote, even though it resolves to another host when fetched.

### Proof of Concept

1. Create a new minimal Astro project (`astro@5.13.0`).
2. Configure it to use the Node adapter (`@astrojs/node@9.1.0`; newer versions are not impacted):

   ```js
   // astro.config.mjs
   import { defineConfig } from 'astro/config';
   import node from '@astrojs/node';

   export default defineConfig({
     adapter: node({ mode: 'standalone' }),
   });
   ```

3. Build the site by running `astro build`.
4. Run the server, e.g. with `astro preview`.
5. Append `/_image?href=//placehold.co/600x400` to the preview URL, e.g. <http://localhost:4321/_image?href=//placehold.co/600x400>.
6. The site will serve the image from the unauthorized `placehold.co` origin.

### Impact

Allows a non-authorized third party to create URLs on an impacted site's origin that serve unauthorized image content. In the case of SVG images, this could include the risk of cross-site scripting (XSS) if a user followed a link to a maliciously crafted SVG, since the SVG would then be served from the site's own origin.
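The following is an added illustration of the bug class described above; it is not Astro's own code and does not reproduce its implementation. It models the decision an `/_image?href=...` handler has to make, first with a scheme-prefix test (which lets a protocol-relative `href` through as if it were a local path) and then with a check that resolves the `href` against the site origin before consulting the allowlist. It goes slightly beyond the advisory's single proof-of-concept value by also covering a backslash-spelled variant and a loose model of `image.remotePatterns` matching. `SITE_ORIGIN`, `IMAGE_DOMAINS`, `REMOTE_PATTERNS`, the function names and the sample `href` values are all assumptions made for the example.

```javascript
// Added example, not Astro's own code: a minimal model of the check behind an
// /_image?href=... endpoint. Shows why a protocol-relative href slips past a
// scheme-prefix test and how resolving the href against the site origin first
// closes the hole. All names and allowlist values below are assumed.

const SITE_ORIGIN = 'http://localhost:4321';       // assumed: the deployed site's origin
const IMAGE_DOMAINS = ['images.example.com'];      // stands in for image.domains
const REMOTE_PATTERNS = [                          // loose stand-in for image.remotePatterns
  { protocol: 'https', hostname: '**.cdn.example.net' },
];

// Vulnerable classification: a source counts as remote only if it carries an
// explicit scheme. "//placehold.co/600x400" starts with "/", has no scheme,
// and is therefore treated as a local, already-trusted path.
function isRemoteBySchemePrefix(href) {
  return /^(?:https?|ftp|ws|wss):\/\//i.test(href) || href.startsWith('data:');
}

// Resolve the href the way a handler doing new URL(href, SITE_ORIGIN) before
// fetch() would. "//host/..." and "/\host/..." (WHATWG parsing treats the
// backslash as a slash for http) both resolve to a different host here.
function resolveTarget(href) {
  try {
    return new URL(href, SITE_ORIGIN);
  } catch {
    return null; // unparsable input is rejected, never fetched
  }
}

// Match one remotePatterns-style entry. Only protocol and hostname are
// modelled, with "**." (any depth) and "*." (one label) hostname wildcards.
function matchesRemotePattern(url, pattern) {
  if (pattern.protocol && url.protocol !== `${pattern.protocol}:`) return false;
  const h = pattern.hostname;
  if (h.startsWith('**.')) {
    const base = h.slice(3);
    return url.hostname === base || url.hostname.endsWith(`.${base}`);
  }
  if (h.startsWith('*.')) {
    const base = h.slice(2);
    const rest = url.hostname.slice(0, -base.length - 1);
    return url.hostname.endsWith(`.${base}`) && rest.length > 0 && !rest.includes('.');
  }
  return url.hostname === h;
}

// Policy applied to an already-resolved absolute URL.
function isAllowedTarget(url) {
  if (url.origin === SITE_ORIGIN) return true;     // local asset bundled with the site
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  if (IMAGE_DOMAINS.includes(url.hostname)) return true;
  return REMOTE_PATTERNS.some((p) => matchesRemotePattern(url, p));
}

// Vulnerable handler logic: the allowlist is consulted only for hrefs that the
// scheme-prefix test flagged as remote; everything else is fetched as local.
function vulnerableDecision(href) {
  const url = resolveTarget(href);
  if (!url) return { fetch: null, reason: 'unparsable' };
  if (!isRemoteBySchemePrefix(href)) {
    return { fetch: url.href, reason: 'treated as local' };
  }
  return isAllowedTarget(url)
    ? { fetch: url.href, reason: 'remote, allowlisted' }
    : { fetch: null, reason: 'remote, blocked' };
}

// Hardened handler logic: classify by where the href actually resolves to,
// so the spelling of the href no longer matters.
function hardenedDecision(href) {
  const url = resolveTarget(href);
  if (!url) return { fetch: null, reason: 'unparsable' };
  if (!isAllowedTarget(url)) return { fetch: null, reason: 'remote, blocked' };
  return {
    fetch: url.href,
    reason: url.origin === SITE_ORIGIN ? 'local' : 'remote, allowlisted',
  };
}

// Constructed sample hrefs, including the advisory's proof-of-concept value.
const SAMPLES = [
  '/_astro/hero.png',
  '//placehold.co/600x400',
  '/\\placehold.co/600x400',
  'https://images.example.com/logo.png',
  'https://a.cdn.example.net/pic.png',
  'http://a.cdn.example.net/pic.png',
  'https://attacker.example.org/payload.svg',
];

for (const href of SAMPLES) {
  console.log(
    href.padEnd(42),
    'vulnerable:', vulnerableDecision(href).reason.padEnd(20),
    'hardened:', hardenedDecision(href).reason,
  );
}
```

Run it with `node` to see both decisions side by side for each sample. The design point is that the allow/deny decision must be made on the resolved target (the URL that will actually be fetched), not on the textual shape of the `href`; any classifier that looks for a scheme prefix before resolution can be bypassed by inputs the URL parser resolves elsewhere.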
How to fix CVE-2025-55303
To remediate CVE-2025-55303, upgrade both affected packages to the fixed versions below.
- `astro`: upgrade to 5.13.2 or later
- `@astrojs/node`: upgrade to 9.1.1 or later
Is CVE-2025-55303 being exploited?
Low. The EPSS score is 0.1%, a low predicted probability of exploitation in the wild over the next 30 days. EPSS is a prediction rather than a report of observed exploitation, so a low score is not a reason to leave the issue unpatched, particularly since the bypass only requires a single crafted URL.