CVE-2025-57822

Severity: HIGH 8.2 · EPSS percentile 81.3%

Description

Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.
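The two actions the description asks of self-hosted operators, upgrading and verifying how middleware calls next(), are illustrated below as an added example. This is not code from the Next.js project, the advisory or the referenced commit. The next() in question is NextResponse.next() from next/server, whose documented form for handing a route an explicit header set is NextResponse.next({ request: { headers } }); the script builds that header set from an allowlist instead of implicitly forwarding whatever the client sent, and checks an installed version against the fixed releases named above (14.2.32 / 15.4.7). The allowlist contents, the function names, the treatment of major lines the advisory does not mention, and the middleware wiring shown in comments are assumptions for illustration; the fix is the upgrade. Runs on Node 18+ (global Headers/Request).

```javascript
// Added example for CVE-2025-57822; not code from Next.js or the advisory.
// Function names, the header allowlist and the middleware wiring in comments
// are illustrative assumptions.

// Fixed releases named in the advisory, keyed by major line.
const FIXED_VERSIONS = { 14: '14.2.32', 15: '15.4.7' };

// Parse "[v]MAJOR.MINOR.PATCH[-prerelease]" into three numbers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Compare two version strings numerically, field by field: -1, 0 or 1.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// True when `installed` is at or above the fixed release for its major line.
// Assumption: a major line the advisory does not name (e.g. 16) is treated as
// fixed, and a line older than 14 as unpatched, since no fix is listed for it.
function isFixedVersion(installed) {
  const [major] = parseVersion(installed);
  if (major < 14) return false;
  const fixed = FIXED_VERSIONS[major];
  if (fixed === undefined) return true;
  return compareVersions(installed, fixed) >= 0;
}

// Assumed allowlist of request headers the application actually needs
// downstream. Everything else the client sent is dropped, not forwarded.
const FORWARD_ALLOWLIST = new Set([
  'accept', 'accept-language', 'authorization', 'content-type', 'user-agent',
]);

// Build the explicit header set that middleware passes as
//   NextResponse.next({ request: { headers: forwardedHeaders(request) } })
// `extra` lets middleware add its own headers (e.g. a request id) on top.
function forwardedHeaders(request, allowlist = FORWARD_ALLOWLIST, extra = {}) {
  const out = new Headers();
  for (const [name, value] of request.headers) { // Headers yields lower-cased names
    if (allowlist.has(name)) out.set(name, value);
  }
  for (const [name, value] of Object.entries(extra)) out.set(name, value);
  return out;
}

// The options object for NextResponse.next(), returned so it can be inspected.
function nextOptions(request, extra = {}) {
  return { request: { headers: forwardedHeaders(request, FORWARD_ALLOWLIST, extra) } };
}

// Illustrative middleware (would live in middleware.js and import NextResponse
// from 'next/server'); shown as a comment because it needs the Next.js runtime:
//
//   export function middleware(request) {
//     return NextResponse.next(nextOptions(request, { 'x-request-id': crypto.randomUUID() }));
//   }

// Operator summary: is the installed version patched, and which client-sent
// headers the allowlist would refuse to forward for a given request.
function report(installedVersion, request) {
  const kept = forwardedHeaders(request);
  const dropped = [];
  for (const [name] of request.headers) {
    if (!kept.has(name)) dropped.push(name);
  }
  return { version: installedVersion, patched: isFixedVersion(installedVersion), dropped };
}

// Constructed sample request (not captured traffic) for a stand-alone run.
const sampleRequest = new Request('https://app.example.test/dashboard', {
  headers: { 'User-Agent': 'demo/1.0', 'Accept-Language': 'en', 'X-Injected': 'client-controlled' },
});
console.log(JSON.stringify(report('15.4.6', sampleRequest)));
```

Because `report` takes the version string as an argument, it can be fed the value from `npx next --version` or from `node_modules/next/package.json` in a deployment check; a `patched: false` result means the instance is within the affected range regardless of how middleware is written.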

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS: 2.33% probability of exploitation · percentile 81.3% · scored 2026-06-18T12:00:27Z
Published: 2025-08-29
Last modified: 2025-09-08

Underlying weaknesses (1)

CWE-918: Server-Side Request Forgery (SSRF)

References

  1. https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8
  2. https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f
  3. https://vercel.com/changelog/cve-2025-57822

Weakness mapping (1)

Type      Target                                        Confidence  Tier
Weakness  Server-Side Request Forgery (SSRF), cwe-918   0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  CVE  CVE-2025-29927
  CVE  CVE-2026-44578
  CVE  CVE-2026-44574
  CVE  CVE-2025-6087
  CVE  CVE-2026-42353
  CVE  CVE-2025-28062
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.