What is CVE-2025-64745?

CVE-2025-64745 is a low-severity vulnerability in Withastro Astro, classified under Cross-site Scripting. CVSS score: 2.7/10. Published 2025-11-13.

How severe is CVE-2025-64745?

Low severity. CVSS v3 base score is 2.7 out of 10.

XSS in Withastro Astro

CVE-2025-64745

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the `trailingSlash` configuration option is used. A…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (10.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N.

Affected products

Withastro Astro — versions >= 5.2.0, < 5.15.6

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/withastro/astro/security/advisories/GHSA-w2vj-39qv-7vh7 (x_refsource_CONFIRM)
https://github.com/withastro/astro/pull/12994 (x_refsource_MISC)
https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91 (x_refsource_MISC)
https://github.com/withastro/astro/blob/5bc37fd5cade62f753aef66efdf40f982379029a/packages/astro/src/template/4xx.ts#L133-L149 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-64745?: CVE-2025-64745 is a low-severity vulnerability in Withastro Astro, classified under Cross-site Scripting. CVSS score: 2.7/10. Published 2025-11-13.
How severe is CVE-2025-64745?: Low severity. CVSS v3 base score is 2.7 out of 10.