Moderate severity · NVD Advisory · Published Aug 29, 2025 · Updated Sep 2, 2025
Next.js Improper Middleware Redirect Handling Leads to SSRF
CVE-2025-57822
Description
Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| next | npm | >= 0.9.9, < 14.2.32 | 14.2.32 |
| next | npm | >= 15.0.0-canary.0, < 15.4.7 | 15.4.7 |
Affected products
14 OSV coordinates, 13 affected version ranges (none have a CPE assigned):

| Package (purl) | Affected range |
|---|---|
| pkg:apk/chainguard/jitsucom-jitsu | < 2.11.0-r1 |
| pkg:apk/chainguard/jitsucom-jitsu-console | < 2.11.0-r1 |
| pkg:apk/chainguard/jitsucom-jitsu-rotor | < 2.11.0-r1 |
| pkg:apk/chainguard/langfuse | < 3.106.1-r1 |
| pkg:apk/chainguard/langfuse-compat | < 3.106.1-r1 |
| pkg:apk/chainguard/langfuse-worker | < 3.106.1-r1 |
| pkg:apk/wolfi/jitsucom-jitsu | < 2.11.0-r1 |
| pkg:apk/wolfi/jitsucom-jitsu-console | < 2.11.0-r1 |
| pkg:apk/wolfi/jitsucom-jitsu-rotor | < 2.11.0-r1 |
| pkg:apk/wolfi/langfuse | < 3.106.1-r1 |
| pkg:apk/wolfi/langfuse-compat | < 3.106.1-r1 |
| pkg:apk/wolfi/langfuse-worker | < 3.106.1-r1 |
| pkg:npm/next | >= 0.9.9, < 14.2.32 |
References
5 references:

- https://github.com/advisories/GHSA-4342-x723-ch2f (GHSA advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2025-57822 (NVD advisory)
- https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8 (fix commit)
- https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f (vendor advisory, confirmation)
- https://vercel.com/changelog/cve-2025-57822 (vendor changelog)
News mentions
0 (no linked articles in our index yet)