GHSA-4342-x723-ch2f

Suggest an improvement
Source
https://github.com/advisories/GHSA-4342-x723-ch2f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-4342-x723-ch2f/GHSA-4342-x723-ch2f.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4342-x723-ch2f
Aliases
  • CVE-2025-57822
Published
2025-08-29T21:33:09Z
Modified
2025-08-29T22:42:23.364681Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
Summary
Next.js Improper Middleware Redirect Handling Leads to SSRF
Details

A vulnerability in Next.js Middleware has been fixed in v14.2.32 and v15.4.7. The issue occurred when request headers were directly passed into NextResponse.next(). In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response.

All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.

More details at Vercel Changelog

Database specific 
{
    "severity": "MODERATE",
    "github_reviewed_at": "2025-08-29T21:33:09Z",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-918"
    ],
    "github_reviewed": true
}
References

Affected packages

npm / next

Package

Name
next
View open source insights on deps.dev
Purl
pkg:npm/next

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.2.32

npm / next

Package

Name
next
View open source insights on deps.dev
Purl
pkg:npm/next

Affected ranges

Type
SEMVER
Events
Introduced
15.0.0-canary.0
Fixed
15.4.7