CVE-2025-57822

Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.

Open

LOW (2.5)

System detected CVE-2025-57822
docu-update
System fixed CVE-2025-57822
0.1.0
System fixed CVE-2025-57822
sbom-documentation
System fixed CVE-2025-57822
704-Improve-DevGuard-Setup-Guide
System fixed CVE-2025-57822
add-workflows-components-docus
System fixed CVE-2025-57822
713-Add-link-to-an-overview-of-all-the-Risk-Mitigation-Guides
System fixed CVE-2025-57822
update-gitlab-integration-dokument
System fixed CVE-2025-57822
main
System detected CVE-2025-57822
0.1.0
System updated the risk assessment from 0 to 2.35
main
System recalculated raw risk assessment
System updated the risk assessment from 2.35 to 2.45
main
System recalculated raw risk assessment
System updated the risk assessment from 2.45 to 2.46
main
System recalculated raw risk assessment