CVE-2025-57822

HIGH EPSS 81.4%
Published Aug 29, 202510mo ago · Modified Jun 17, 20261w ago
8.2 CVSS 3.1
High
Find Similar
Published Aug 29, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago

Description

Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.

CVSS Details

Base Score
8.2
Exploitability
3.9
Impact
4.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
81.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 2

VendorProductVersionRange
vercelnext.js* <14.2.32
vercelnext.js*≥15.0.0  –  <15.4.7

References 3

  • github.com https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8
    Patch
  • github.com https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f
    Vendor Advisory
  • vercel.com https://vercel.com/changelog/cve-2025-57822
    MitigationVendor Advisory

Remediation

  • github.com https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8
    Patch