CVE-2025-57822 – next

Package

Manager: npm
Name: next
Vulnerable Version: >=0 <14.2.32 || >=15.0.0-canary.0 <15.4.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.04597 pctl0.88827

Details

Next.js Improper Middleware Redirect Handling Leads to SSRF A vulnerability in **Next.js Middleware** has been fixed in **v14.2.32** and **v15.4.7**. The issue occurred when request headers were directly passed into `NextResponse.next()`. In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the `next()` function. More details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57822)

Metadata

Created: 2025-08-29T21:33:09Z
Modified: 2025-09-01T20:05:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-4342-x723-ch2f/GHSA-4342-x723-ch2f.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-4342-x723-ch2f
Finding: F100
Auto approve: 1