Vulnerability Database

296,090

Total vulnerabilities in the database

CVE-2025-57752

A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug.

All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.

More details at Vercel Changelog

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

Software From Fixed in
Node.js icon next - 14.2.31
Node.js icon next 15.0.0 15.4.5