CVE-2025-55207: @astrojs/node's trailing slash handling causes open redirect issue

August 15, 2025

Following https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw, there’s still an Open Redirect vulnerability in a subset of Astro deployment scenarios.

References

github.com/advisories/GHSA-9x9c-ghc5-jhw9
github.com/withastro/astro
github.com/withastro/astro/commit/5fc3c599cacb0172cc7d8e1202a5f2e8685d7ef2
github.com/withastro/astro/security/advisories/GHSA-9x9c-ghc5-jhw9
nvd.nist.gov/vuln/detail/CVE-2025-55207

Code Behaviors & Features

Detect and mitigate CVE-2025-55207 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →