How severe is CVE-2025-66415?

The severity of CVE-2025-66415 has not been assessed with CVSS v3.

CVE-2025-66415

NONE

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even t

Published: 12/1/2025Updated: 12/2/2025

Description

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.

AI AnalysisPowered by AI

References

https://github.com/fastify/fastify-reply-from/commit/4d9795cd5b57a36756d37b7f036eae369f69fa66
https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-2q7r-29rg-6m5h