CVE-2025-57822

State: PUBLISHED · Published: 2025-08-29 · Updated: 2025-09-02 · Assigner: GitHub_M

Description

Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.

CWE

CWE-918 — CWE-918: Server-Side Request Forgery (SSRF)

Affected

vercel / next.js — v=< 14.2.32 [affected]; v=< 15.4.7 [affected]

CVSS

3.1 score=6.5 severity=MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

References

https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f x_refsource_CONFIRM
https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8 x_refsource_MISC
https://vercel.com/changelog/cve-2025-57822 x_refsource_MISC

Source

cvelistV5-main/cves/2025/57xxx/CVE-2025-57822.json