PT-2025-11961 · Nuxt · Nuxt

Published 2025-03-19 · Updated 2025-12-03 · CVE-2025-27415

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Nuxt versions prior to 3.16.0

Description

Nuxt is an open-source web development framework for Vue.js. By sending a crafted HTTP request to a server behind a CDN, it is possible to poison the CDN cache, severely impacting the availability of a site. An attacker can craft a request, such as https://mysite.com/?/_payload.json, which will be rendered as JSON. If the CDN ignores the query string when determining whether to cache a route, this JSON response could be served to future visitors. An attacker can exploit this to make a site unavailable indefinitely, or continuously poison the cache to maintain unavailability.

Recommendations

Update to version 3.16.0 or later.
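
A log check for the pattern described above, as an added example that is not part of the original advisory or the Nuxt project: it flags requests whose query string, rather than path, names the payload file, then reports page paths that were later answered with JSON. The log format, field order and sample lines are constructed assumptions.

```javascript
// Constructed sample access-log lines (hypothetical format, not a real CDN's):
// <client> "<method> <target>" <status> <content-type> <cache-status>
const SAMPLE_LOG = [
  '203.0.113.7 "GET /" 200 text/html HIT',
  '198.51.100.23 "GET /?/_payload.json" 200 application/json MISS',
  '203.0.113.9 "GET /" 200 application/json HIT',
  '203.0.113.9 "GET /blog/_payload.json" 200 application/json HIT',
  '203.0.113.4 "GET /about?ref=news" 200 text/html MISS',
  '198.51.100.23 "GET /about?/_payload.json" 200 application/json MISS',
];

const LINE_RE = /^(\S+) "(\S+) (\S+)" (\d{3}) (\S+) (\S+)$/;

// Split one log line into fields, separating path from query string.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null; // skip lines that do not match the assumed format
  const [, client, method, target, status, contentType, cache] = m;
  const q = target.indexOf('?');
  const path = q === -1 ? target : target.slice(0, q);
  const query = q === -1 ? '' : target.slice(q + 1);
  return { client, method, path, query, status: Number(status), contentType, cache };
}

// suspects: requests where the query string (not the path) names a payload file.
// poisoned: page paths that, after such a request, returned JSON to a request
//           that did not carry the payload marker itself.
function analyze(lines) {
  const suspects = [];
  const targeted = new Set();
  const poisoned = new Set();
  for (const entry of lines.map(parseLine).filter(Boolean)) {
    const isPayloadPath = entry.path.endsWith('_payload.json');
    if (isPayloadPath) continue; // legitimate payload fetch
    if (entry.query.includes('_payload.json')) {
      suspects.push(entry);
      targeted.add(entry.path);
    } else if (targeted.has(entry.path) && entry.contentType === 'application/json') {
      poisoned.add(entry.path);
    }
  }
  return { suspects, poisoned: [...poisoned] };
}

const report = analyze(SAMPLE_LOG);
console.log(report.suspects.map((e) => `${e.client} ${e.path}?${e.query}`));
console.log('paths serving JSON after a suspect request:', report.poisoned);
```

A path listed under `poisoned` is a candidate for a cache purge once the site runs 3.16.0 or later.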

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2025-27415
GHSA-JVHM-GJRH-3H93

Affected Products

Nuxt