PT-2025-35327 · Vercel · Next.Js
Reddounsf · Published 2025-08-29 · Updated 2025-09-08 · CVE-2025-57752

| CVSS v3.1 | Severity | Vector |
|---|---|---|
| 6.2 | Medium | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Next.js versions prior to 14.2.31
Next.js versions 15.0.0 through 15.4.5
Description
Next.js Image Optimization API routes are susceptible to a cache key confusion issue. When images returned from API routes vary based on request headers, such as Cookie or Authorization, responses may be incorrectly cached and served to unauthorized users.
Recommendations
Upgrade to Next.js version 14.2.31 or later.
Upgrade to Next.js version 15.4.5 or later.
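
The cache key confusion described above, modelled as an added example that is not Next.js code and not the project's patch. The upstream route, the tokens, and the key layout (`url`, `w`, `q`) are constructed assumptions. The hardened branch shows one generic mitigation: requests carrying `Cookie` or `Authorization` bypass the shared cache.

```javascript
// Added illustration: a toy model of an image optimizer cache, not Next.js code.
// All names (apiRoute, makeOptimizer, the key layout) are assumptions for the example.

// Constructed upstream API route: the image depends on the Authorization header.
function apiRoute(url, headers) {
  const user = headers.authorization === 'Bearer alice-token' ? 'alice' : null;
  return user
    ? { status: 200, body: `private-avatar-of-${user}` }
    : { status: 401, body: 'unauthorized' };
}

// Request headers that make an upstream response user-specific.
const VARYING_HEADERS = ['cookie', 'authorization'];

// Builds an optimizer with its own cache. `safe` toggles the hardened behaviour.
function makeOptimizer({ safe }) {
  const cache = new Map();
  return function optimize({ url, w, q, headers = {} }) {
    // The key covers only url/width/quality, so it ignores request headers.
    const key = JSON.stringify([url, w, q]);
    const credentialed = VARYING_HEADERS.some((h) => h in headers);

    // Hardened: a credentialed request neither reads nor writes the shared cache.
    const useCache = !(safe && credentialed);
    if (useCache && cache.has(key)) return { ...cache.get(key), cache: 'HIT' };

    const res = apiRoute(url, headers);
    if (useCache && res.status === 200) cache.set(key, res);
    return { ...res, cache: 'MISS' };
  };
}

// Authenticated request first, then an anonymous request for the same url/w/q.
function scenario(safe) {
  const optimize = makeOptimizer({ safe });
  const req = { url: '/api/avatar', w: 64, q: 75 };
  const first = optimize({ ...req, headers: { authorization: 'Bearer alice-token' } });
  const second = optimize({ ...req });
  return { first, second };
}

console.log('vulnerable:', scenario(false).second);
console.log('hardened:  ', scenario(true).second);
```

In the vulnerable run the anonymous request is a cache HIT on the authenticated user's image; in the hardened run it reaches the route and gets a 401.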
Affected Products
Next.Js