CVE-2025-48068
Next.js vulnerability analysis and mitigation

Overview

Next.js, a React framework for building full-stack web applications, was found to contain a low-severity vulnerability (CVE-2025-48068) affecting versions 13.0 through 15.2.2. The vulnerability was discovered and disclosed on May 28, 2025, and specifically impacts applications that use the App Router feature during local development. The flaw allows limited source code exposure while the dev server is running: exploitation requires a user to visit a malicious webpage while npm run dev is active (GitHub Advisory, Vercel Changelog).

Technical details

The vulnerability stems from a lack of origin verification in the Next.js development server's WebSocket implementation, which makes it susceptible to Cross-site WebSocket hijacking (CSWSH): a page on any origin can open a WebSocket to the local dev server and the server accepts it. The issue specifically affects applications using App Router, which was experimental and required experimental.appDir = true in versions 13.0.0 to 13.4. The vulnerability has been assigned a CVSS v4 score of 2.3 (Low severity) with the vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N (GitHub Advisory).

Impact

When exploited, this vulnerability enables a malicious website to read the source code of client components in a Next.js application if the user visits that site while running the Next.js dev server locally. The impact is strictly limited to development environments and requires active user interaction. There is no impact on production deployments (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in Next.js version 15.2.2. Users are advised to upgrade to this version or later. Alternative workarounds include avoiding untrusted websites while the local development server is running, and implementing local firewall or proxy rules to block unauthorized WebSocket access to localhost. After upgrading, the allowedDevOrigins option can be used to keep the patched origin check while still permitting specific non-local origins to connect to the dev server (Vercel Changelog).

Community reactions

The vulnerability was responsibly disclosed by security researchers sapphi-red and Radman Siddiki. Vercel, the company behind Next.js, has documented the vulnerability in their changelog and assigned it a low severity rating (GitHub Advisory).
