Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
AnalysisAI
A security vulnerability in to forward the current HTTP request to another server. (CVSS 5.4). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Technical ContextAI
Vulnerability type not specified by vendor. Affects to forward the current HTTP request to another server..
RemediationAI
Apply the vendor-supplied patch immediately.
More in Reply From
View allSame technique Information Disclosure
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-200117
GHSA-2q7r-29rg-6m5h