GHSA-4342-x723-ch2f

GitHub Security Advisory

Next.js Improper Middleware Redirect Handling Leads to SSRF

GitHub Reviewed · Severity: MODERATE · Has CVE

Advisory Details

A vulnerability in **Next.js Middleware** has been fixed in **v14.2.32** and **v15.4.7**. The issue occurred when request headers were directly passed into `NextResponse.next()`. In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response.

All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the `next()` function.

More details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57822)
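Added example, not the advisory's, Vercel's or Next.js's own code: the header-reflection pattern the advisory describes beside a hardened variant that allowlists response headers and forwards request context through the `request.headers` option of `NextResponse.next()`. The allowlist, the `x-auth-checked` marker and the sample headers are assumptions constructed for this example; it runs on Node 18+ (global `Headers`).

```javascript
// Added example (not code from the advisory, Vercel, or Next.js itself).
// Models the middleware pattern the advisory describes: handing the
// incoming request's headers straight to NextResponse.next(), so they are
// reflected into the response. The hardened variant keeps response headers
// on an allowlist and forwards request context via `request.headers`, the
// option NextResponse.next() provides for that purpose.
// Assumes Node 18+ (global Headers); allowlist and header names below are
// constructed for this example.

// Pattern the advisory warns about: every client-supplied header becomes a
// response header, so a request can steer how the server handles its own
// response.
function vulnerableNextInit(request) {
  return { headers: request.headers };
}

// Response headers middleware may legitimately copy from the request
// (constructed allowlist; tailor it to what your middleware actually needs).
// Headers iteration yields lowercase names, so the allowlist is lowercase.
const RESPONSE_HEADER_ALLOWLIST = new Set(["x-request-id", "accept-language"]);

// Hardened pattern: response headers are rebuilt from the allowlist only;
// everything the downstream route needs travels in `request.headers`, where
// it is request context rather than a response directive.
function hardenedNextInit(request) {
  const responseHeaders = new Headers();
  for (const [name, value] of request.headers) {
    if (RESPONSE_HEADER_ALLOWLIST.has(name)) responseHeaders.set(name, value);
  }
  const forwarded = new Headers(request.headers);
  forwarded.set("x-auth-checked", "1"); // hypothetical marker for the route
  return { headers: responseHeaders, request: { headers: forwarded } };
}

// Constructed sample request: one benign header and one the client controls.
function demo() {
  const request = {
    headers: new Headers({ "x-request-id": "r-1", "x-client-supplied": "anything" }),
  };
  return { vulnerable: vulnerableNextInit(request), hardened: hardenedNextInit(request) };
}

// In real middleware: `return NextResponse.next(hardenedNextInit(request));`
const { vulnerable, hardened } = demo();
console.log("vulnerable reflects x-client-supplied:", vulnerable.headers.get("x-client-supplied"));
console.log("hardened response has x-client-supplied:", hardened.headers.get("x-client-supplied"));
```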

Affected Packages

npm `next`: affected versions >= 0, < 14.2.32 (fixed in 14.2.32)
npm `next`: affected versions >= 15.0.0-canary.0, < 15.4.7 (fixed in 15.4.7)

Related CVEs

CVE-2025-57822

Key Information

GHSA ID
GHSA-4342-x723-ch2f
Published
August 29, 2025 9:33 PM
Last Modified
September 1, 2025 8:05 PM
CVSS Score
5.0 / 10
Primary Ecosystem
npm
Primary Package
next
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 10, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.