QwikSec

Security Database

CVE

CWE

Training

CVE-2025-66415

Published: Dec 1, 2025

Modified: Dec 2, 2025

PUBLISHED

Description

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.

Vendor	Product	Versions
fastify	fastify-reply-from	affected `< 12.5.0`

Weaknesses (CWE)

References

https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-2q7r-29rg-6m5h

x_refsource_CONFIRM

https://github.com/fastify/fastify-reply-from/commit/4d9795cd5b57a36756d37b7f036eae369f69fa66

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.