Vulnerability Database

CVE-2025-57822

A vulnerability in Next.js Middleware has been fixed in v14.2.32 and v15.4.7. The issue occurred when request headers were directly passed into NextResponse.next(). In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response.

All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.
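One way to check middleware sources for the usage described above. This is an added example, not code from the advisory or from Next.js. It assumes, following the Next.js middleware documentation, that `NextResponse.next({ request: { headers } })` is the form that forwards request headers, while a top-level `headers` option is the risky one when it carries the incoming request's headers. The function names and sample sources are constructed for illustration.

```javascript
// Heuristic check (added example, not Next.js code): flag NextResponse.next()
// calls whose top-level `headers` option is built from the incoming request.
function nextCallArgs(source) {
  const marker = "NextResponse.next(", calls = [];
  for (let from = 0; ; ) {
    const start = source.indexOf(marker, from);
    if (start === -1) return calls;
    let depth = 1, i = start + marker.length;
    for (; i < source.length && depth > 0; i++) {
      if (source[i] === "(") depth++;
      else if (source[i] === ")") depth--;
    }
    calls.push({ start, args: source.slice(start + marker.length, i - 1) });
    from = i;
  }
}

// Value text of a `headers` key at the top level of the options object, or null.
function topLevelHeadersValue(args) {
  for (let i = 0, depth = 0; i < args.length; i++) {
    if ("{([".includes(args[i])) depth++;
    else if ("})]".includes(args[i])) depth--;
    else if (depth === 1 && /^headers\s*:/.test(args.slice(i)) && !/[\w.$]/.test(args[i - 1] || "")) {
      let j = args.indexOf(":", i) + 1, nested = 0;
      const begin = j;
      for (; j < args.length; j++) {
        if ("{([".includes(args[j])) nested++;
        else if ("})]".includes(args[j]) && nested-- === 0) break;
        else if (args[j] === "," && nested === 0) break;
      }
      return args.slice(begin, j).trim();
    }
  }
  return null;
}

// Assumption: the request object is named `request` or `req`.
function findRiskyNextCalls(source) {
  return nextCallArgs(source)
    .map(({ start, args }) => ({
      line: source.slice(0, start).split("\n").length,
      value: topLevelHeadersValue(args),
    }))
    .filter((c) => c.value !== null && /\b(request|req)\.headers\b/.test(c.value));
}

// Constructed sample middleware sources.
const RISKY = "export function middleware(request) {\n  return NextResponse.next({ headers: request.headers });\n}";
const SAFE = "export function middleware(request) {\n  return NextResponse.next({ request: { headers: request.headers } });\n}";
console.log(findRiskyNextCalls(RISKY), findRiskyNextCalls(SAFE));
```

The scan does not parse string literals or comments, so treat each hit as a lead for manual review rather than a verdict.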

More details at Vercel Changelog

CVSS v3:

  • Severity: Unknown
  • Score:
  • Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

CWEs: