Vercel · Next.Js · CVE-2025-13984
**Name of the Vulnerable Software and Affected Versions**
Next.Js versions 0.0.0 through 1.6.3
Next.Js versions 2.0.0 through 2.0.0
**Description**
A security issue exists in Next.Js related to a permissive cross-domain security policy with untrusted domains, which can lead to Cross-Site Scripting (XSS). This allows for potential malicious code execution within the context of a user's browser.
**Recommendations**
Update Next.Js to version 1.6.4 or later.
Update Next.Js to version 2.0.1 or later.