Wiz
Base de données de vulnérabilitésCVE-2025-57822

CVE-2025-57822
Wolfi Analyse et atténuation des vulnérabilités

Aperçu

Next.js, a React framework for building full-stack web applications, disclosed a vulnerability (CVE-2025-57822) affecting versions prior to 14.2.32 and 15.4.7. The vulnerability was discovered when next() was used without explicitly passing the request object, which could lead to Server-Side Request Forgery (SSRF) in self-hosted applications that incorrectly forwarded user-supplied headers (NVD, GitHub Advisory).

Détails techniques

The vulnerability lies in how Next.js middleware responses with a Location header are processed. The issue occurred in the getResolveRoutes function within packages/next/src/server/lib/router-utils/resolve-routes.ts, where any response from middleware containing a Location header was treated as a redirect regardless of the HTTP status code. The vulnerability has a CVSS v3.1 base score of 6.5 (Medium) with a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N (Miggo, GitHub Advisory).

Impact

In affected configurations, attackers could influence the destination of internal requests triggered by middleware routing logic, perform SSRF against internal infrastructure if user-controlled headers were forwarded without validation, and potentially access sensitive internal resources or services unintentionally exposed via internal redirect behavior. This issue is primarily exploitable in self-hosted deployments where developers use custom middleware logic and do not adhere to documented usage of NextResponse.next({ request }) (Vercel Changelog).

Atténuation et solutions de contournement

The vulnerability has been patched in Next.js versions 14.2.32 and 15.4.7. For users who cannot upgrade immediately, recommended workarounds include: ensuring middleware follows official guidance by using NextResponse.next({ request }) to explicitly pass the request object, avoiding forwarding user-controlled headers to downstream systems without validation, and ensuring headers that should never be sent from client to server are not reflected back via NextResponse.next (Vercel Changelog).

Réactions de la communauté

The vulnerability was responsibly disclosed by Nicolas Lamoureux and the Latacora team. Vercel responded by quickly releasing patches and applying fixes to protect their infrastructure customers running affected versions by August 25th, 2025 (Vercel Changelog).

Ressources additionnelles

SourceCe rapport a été généré à l’aide de l’IA

Apparenté Wolfi Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2025-66471HIGH8.9
  • PythonPython
  • py3-urllib3
NonOuiDec 05, 2025
CVE-2025-66418HIGH8.9
  • PythonPython
  • python-urllib3
NonOuiDec 05, 2025
CVE-2025-66564HIGH7.5
  • Datadog AgentDatadog Agent
  • cosign
NonOuiDec 04, 2025
CVE-2025-66490MEDIUM6.9
  • WolfiWolfi
  • traefik-3
NonOuiDec 09, 2025
CVE-2025-66491MEDIUM5.9
  • WolfiWolfi
  • traefik
NonOuiDec 09, 2025

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Ressources Wiz supplémentaires

PEACH

PEACH

Un cadre d’isolation des locataires

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités
Demander une démo