CVE-2025-57822

Source
https://cve.org/CVERecord?id=CVE-2025-57822
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57822.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-57822
Published
2025-08-29T21:33:15.304Z
Modified
2026-02-28T05:09:09.680891Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
Next.js Improper Middleware Redirect Handling Leads to SSRF
Details

Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57822.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-918"
    ]
}
Affected packages

Git / github.com/vercel/next.js

Affected ranges

Type
GIT
Repo
https://github.com/vercel/next.js

Affected versions

v15.*
v15.0.0
v15.0.1
v15.0.1-canary.0
v15.0.1-canary.1
v15.0.1-canary.2
v15.0.1-canary.3
v15.0.2
v15.0.2-canary.0
v15.0.2-canary.1
v15.0.2-canary.10
v15.0.2-canary.11
v15.0.2-canary.2
v15.0.2-canary.3
v15.0.2-canary.4
v15.0.2-canary.5
v15.0.2-canary.6
v15.0.2-canary.7
v15.0.2-canary.8
v15.0.2-canary.9
v15.0.3
v15.0.3-canary.0
v15.0.3-canary.1
v15.0.3-canary.2
v15.0.3-canary.3
v15.0.3-canary.4
v15.0.3-canary.5
v15.0.3-canary.6
v15.0.3-canary.7
v15.0.3-canary.8
v15.0.3-canary.9
v15.0.4-canary.0
v15.0.4-canary.1
v15.0.4-canary.10
v15.0.4-canary.11
v15.0.4-canary.12
v15.0.4-canary.13
v15.0.4-canary.14
v15.0.4-canary.15
v15.0.4-canary.16
v15.0.4-canary.17
v15.0.4-canary.18
v15.0.4-canary.19
v15.0.4-canary.2
v15.0.4-canary.20
v15.0.4-canary.21
v15.0.4-canary.22
v15.0.4-canary.23
v15.0.4-canary.24
v15.0.4-canary.25
v15.0.4-canary.26
v15.0.4-canary.27
v15.0.4-canary.28
v15.0.4-canary.29
v15.0.4-canary.3
v15.0.4-canary.30
v15.0.4-canary.31
v15.0.4-canary.32
v15.0.4-canary.33
v15.0.4-canary.34
v15.0.4-canary.35
v15.0.4-canary.36
v15.0.4-canary.37
v15.0.4-canary.38
v15.0.4-canary.39
v15.0.4-canary.4
v15.0.4-canary.40
v15.0.4-canary.41
v15.0.4-canary.42
v15.0.4-canary.43
v15.0.4-canary.44
v15.0.4-canary.45
v15.0.4-canary.46
v15.0.4-canary.47
v15.0.4-canary.48
v15.0.4-canary.49
v15.0.4-canary.5
v15.0.4-canary.50
v15.0.4-canary.51
v15.0.4-canary.52
v15.0.4-canary.6
v15.0.4-canary.7
v15.0.4-canary.8
v15.0.4-canary.9
v15.1.0
v15.1.1-canary.0
v15.1.1-canary.1
v15.1.1-canary.10
v15.1.1-canary.11
v15.1.1-canary.12
v15.1.1-canary.13
v15.1.1-canary.14
v15.1.1-canary.15
v15.1.1-canary.16
v15.1.1-canary.17
v15.1.1-canary.18
v15.1.1-canary.19
v15.1.1-canary.2
v15.1.1-canary.20
v15.1.1-canary.21
v15.1.1-canary.22
v15.1.1-canary.23
v15.1.1-canary.24
v15.1.1-canary.25
v15.1.1-canary.26
v15.1.1-canary.27
v15.1.1-canary.3
v15.1.1-canary.4
v15.1.1-canary.5
v15.1.1-canary.6
v15.1.1-canary.7
v15.1.1-canary.8
v15.1.1-canary.9
v15.2.0
v15.2.0-canary.0
v15.2.0-canary.1
v15.2.0-canary.10
v15.2.0-canary.11
v15.2.0-canary.12
v15.2.0-canary.13
v15.2.0-canary.14
v15.2.0-canary.15
v15.2.0-canary.16
v15.2.0-canary.17
v15.2.0-canary.18
v15.2.0-canary.19
v15.2.0-canary.2
v15.2.0-canary.20
v15.2.0-canary.21
v15.2.0-canary.22
v15.2.0-canary.23
v15.2.0-canary.24
v15.2.0-canary.25
v15.2.0-canary.26
v15.2.0-canary.27
v15.2.0-canary.28
v15.2.0-canary.29
v15.2.0-canary.3
v15.2.0-canary.30
v15.2.0-canary.31
v15.2.0-canary.32
v15.2.0-canary.33
v15.2.0-canary.34
v15.2.0-canary.35
v15.2.0-canary.36
v15.2.0-canary.38
v15.2.0-canary.39
v15.2.0-canary.4
v15.2.0-canary.40
v15.2.0-canary.41
v15.2.0-canary.42
v15.2.0-canary.43
v15.2.0-canary.44
v15.2.0-canary.45
v15.2.0-canary.46
v15.2.0-canary.47
v15.2.0-canary.48
v15.2.0-canary.49
v15.2.0-canary.5
v15.2.0-canary.50
v15.2.0-canary.51
v15.2.0-canary.52
v15.2.0-canary.53
v15.2.0-canary.54
v15.2.0-canary.55
v15.2.0-canary.56
v15.2.0-canary.57
v15.2.0-canary.58
v15.2.0-canary.59
v15.2.0-canary.6
v15.2.0-canary.60
v15.2.0-canary.61
v15.2.0-canary.62
v15.2.0-canary.63
v15.2.0-canary.64
v15.2.0-canary.65
v15.2.0-canary.66
v15.2.0-canary.67
v15.2.0-canary.68
v15.2.0-canary.69
v15.2.0-canary.7
v15.2.0-canary.70
v15.2.0-canary.71
v15.2.0-canary.72
v15.2.0-canary.73
v15.2.0-canary.74
v15.2.0-canary.75
v15.2.0-canary.76
v15.2.0-canary.77
v15.2.0-canary.8
v15.2.0-canary.9
v15.2.1
v15.2.1-canary.0
v15.2.1-canary.1
v15.2.1-canary.2
v15.2.1-canary.3
v15.2.1-canary.4
v15.2.1-canary.5
v15.2.1-canary.6
v15.2.2-canary.0
v15.2.2-canary.1
v15.2.2-canary.2
v15.2.2-canary.3
v15.2.2-canary.4
v15.2.2-canary.5
v15.2.2-canary.6
v15.2.2-canary.7
v15.3.0
v15.3.0-canary.0
v15.3.0-canary.1
v15.3.0-canary.10
v15.3.0-canary.11
v15.3.0-canary.12
v15.3.0-canary.13
v15.3.0-canary.14
v15.3.0-canary.15
v15.3.0-canary.16
v15.3.0-canary.17
v15.3.0-canary.18
v15.3.0-canary.19
v15.3.0-canary.2
v15.3.0-canary.20
v15.3.0-canary.21
v15.3.0-canary.22
v15.3.0-canary.23
v15.3.0-canary.24
v15.3.0-canary.25
v15.3.0-canary.26
v15.3.0-canary.27
v15.3.0-canary.28
v15.3.0-canary.29
v15.3.0-canary.3
v15.3.0-canary.30
v15.3.0-canary.31
v15.3.0-canary.32
v15.3.0-canary.33
v15.3.0-canary.34
v15.3.0-canary.35
v15.3.0-canary.36
v15.3.0-canary.37
v15.3.0-canary.38
v15.3.0-canary.39
v15.3.0-canary.4
v15.3.0-canary.40
v15.3.0-canary.41
v15.3.0-canary.42
v15.3.0-canary.43
v15.3.0-canary.44
v15.3.0-canary.45
v15.3.0-canary.46
v15.3.0-canary.5
v15.3.0-canary.6
v15.3.0-canary.7
v15.3.0-canary.8
v15.3.0-canary.9
v15.3.1-canary.0
v15.3.1-canary.1
v15.3.1-canary.10
v15.3.1-canary.11
v15.3.1-canary.12
v15.3.1-canary.13
v15.3.1-canary.14
v15.3.1-canary.15
v15.3.1-canary.2
v15.3.1-canary.3
v15.3.1-canary.4
v15.3.1-canary.5
v15.3.1-canary.6
v15.3.1-canary.7
v15.3.1-canary.8
v15.3.1-canary.9
v15.4.0
v15.4.0-canary.0
v15.4.0-canary.1
v15.4.0-canary.10
v15.4.0-canary.100
v15.4.0-canary.101
v15.4.0-canary.102
v15.4.0-canary.103
v15.4.0-canary.104
v15.4.0-canary.105
v15.4.0-canary.107
v15.4.0-canary.108
v15.4.0-canary.109
v15.4.0-canary.11
v15.4.0-canary.110
v15.4.0-canary.111
v15.4.0-canary.112
v15.4.0-canary.113
v15.4.0-canary.114
v15.4.0-canary.115
v15.4.0-canary.116
v15.4.0-canary.117
v15.4.0-canary.118
v15.4.0-canary.119
v15.4.0-canary.12
v15.4.0-canary.120
v15.4.0-canary.121
v15.4.0-canary.122
v15.4.0-canary.123
v15.4.0-canary.124
v15.4.0-canary.125
v15.4.0-canary.126
v15.4.0-canary.127
v15.4.0-canary.128
v15.4.0-canary.129
v15.4.0-canary.13
v15.4.0-canary.130
v15.4.0-canary.14
v15.4.0-canary.15
v15.4.0-canary.16
v15.4.0-canary.17
v15.4.0-canary.18
v15.4.0-canary.19
v15.4.0-canary.2
v15.4.0-canary.20
v15.4.0-canary.21
v15.4.0-canary.22
v15.4.0-canary.23
v15.4.0-canary.24
v15.4.0-canary.25
v15.4.0-canary.26
v15.4.0-canary.27
v15.4.0-canary.28
v15.4.0-canary.29
v15.4.0-canary.3
v15.4.0-canary.30
v15.4.0-canary.31
v15.4.0-canary.32
v15.4.0-canary.33
v15.4.0-canary.34
v15.4.0-canary.35
v15.4.0-canary.36
v15.4.0-canary.37
v15.4.0-canary.38
v15.4.0-canary.39
v15.4.0-canary.4
v15.4.0-canary.40
v15.4.0-canary.42
v15.4.0-canary.43
v15.4.0-canary.45
v15.4.0-canary.46
v15.4.0-canary.48
v15.4.0-canary.49
v15.4.0-canary.5
v15.4.0-canary.50
v15.4.0-canary.51
v15.4.0-canary.52
v15.4.0-canary.53
v15.4.0-canary.54
v15.4.0-canary.55
v15.4.0-canary.56
v15.4.0-canary.57
v15.4.0-canary.58
v15.4.0-canary.59
v15.4.0-canary.6
v15.4.0-canary.60
v15.4.0-canary.61
v15.4.0-canary.62
v15.4.0-canary.63
v15.4.0-canary.64
v15.4.0-canary.65
v15.4.0-canary.66
v15.4.0-canary.67
v15.4.0-canary.68
v15.4.0-canary.69
v15.4.0-canary.7
v15.4.0-canary.70
v15.4.0-canary.71
v15.4.0-canary.72
v15.4.0-canary.73
v15.4.0-canary.74
v15.4.0-canary.75
v15.4.0-canary.76
v15.4.0-canary.77
v15.4.0-canary.78
v15.4.0-canary.79
v15.4.0-canary.8
v15.4.0-canary.80
v15.4.0-canary.81
v15.4.0-canary.82
v15.4.0-canary.83
v15.4.0-canary.84
v15.4.0-canary.85
v15.4.0-canary.86
v15.4.0-canary.87
v15.4.0-canary.88
v15.4.0-canary.89
v15.4.0-canary.9
v15.4.0-canary.90
v15.4.0-canary.91
v15.4.0-canary.92
v15.4.0-canary.93
v15.4.0-canary.94
v15.4.0-canary.95
v15.4.0-canary.96
v15.4.0-canary.97
v15.4.0-canary.98
v15.4.0-canary.99
v15.4.1
v15.4.2
v15.4.3
v15.4.4
v15.4.5
v15.4.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57822.json"