CVE-2025-66415

Published December 1st, 2025

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.

fastify/fastify-reply-from

fastify plugin to forward the current http request to another server

GitHub

167