Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-xv57-4mr9-wg8v

GitHub Security Advisory

Next.js Content Injection Vulnerability for Image Optimization

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

A vulnerability in **Next.js Image Optimization** has been fixed in **v15.4.5** and **v14.2.31**. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery.

All users relying on `images.domains` or `images.remotePatterns` are encouraged to upgrade and verify that external image sources are strictly validated.

More details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-55173)

Affected Packages

npm next
Affected versions: 0.9.9 (fixed in 14.2.31)
npm next
Affected versions: 15.0.0 (fixed in 15.4.5)

Related CVEs

CVE-2025-55173

Key Information

GHSA ID
GHSA-xv57-4mr9-wg8v
Published
August 29, 2025 9:59 PM
Last Modified
September 11, 2025 3:35 PM
CVSS Score
5.0 /10
Primary Ecosystem
npm
Primary Package
next
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 18, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.