
CVE-2025-57822

MEDIUM
Published 2025-08-29T21:33:15.304Z

CVSS Score

V3.1
6.5
/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
LOW
Availability
NONE

Description

Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js Middleware versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.

Available Exploits

Next.js Middleware - Server-Side Request Forgery

In Next.js prior to versions 14.2.32 and 15.4.7, when request headers were insecurely passed to NextResponse.next(), an attacker could exploit this behavior to perform Server-Side Request Forgery (SSRF) attacks.

ID: CVE-2025-57822
Author: prdngrnicolas-latacora Medium

Related News

No news articles found for this CVE.

Affected Products

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation


Affected Products (ENISA)

vercel
next.js

ENISA Scoring

CVSS Score (3.1)

6.5
/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score

4.940
probability

Data provided by ENISA EU Vulnerability Database. Last updated: August 29, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Next.js Improper Middleware Redirect Handling Leads to SSRF

GHSA-4342-x723-ch2f

Advisory Details

A vulnerability in **Next.js Middleware** has been fixed in **v14.2.32** and **v15.4.7**. The issue occurred when request headers were directly passed into `NextResponse.next()`. In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the `next()` function. More details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57822)

Affected Packages

npm next (ecosystem range): ≥0, <14.2.32
npm next (ecosystem range): ≥15.0.0-canary.0, <15.4.7

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Advisory provided by GitHub Security Advisory Database. Published: August 29, 2025, Modified: September 1, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

1 post
Reddit 1 week ago
amyegan

Vercel Community News Cache (2025-09-01) Highlights from last week in the Vercel community... * Vercel celebrated 10 years of supporting a faster, more personalized web * People shared how they use Vercel to help their communities * An app to support families in the tubie community * A planner for …

References

Published: 2025-08-29T21:33:15.304Z
Last Modified: 2025-08-29T21:41:55.682Z