DevGuard Logo

🛡️ DevGuard
Group
/📚 DevGuard Documentation
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2025-57822

Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.

Open
LOW (2.4)
  • logo

    System detected CVE-2025-57822

    docu-update
  • logo

    System fixed CVE-2025-57822

    0.1.0
  • logo

    System detected CVE-2025-57822

    0.1.0
  • logo

    System updated the risk assessment from 0 to 2.35

    0.1.0

    System recalculated raw risk assessment

Add a comment

Mark as False Positive
Last calculated at:

Affected component

next

Installed version:
14.2.23
Fixed in:
14.2.32
Show in dependency graph

Quick Fix

Update all Dependencies
Update only next

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5