Platform: nodejs
Component: @opennextjs/cloudflare
Fixed in: 1.3.0
1.17.1
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the @opennextjs/cloudflare package, specifically affecting versions 1.0.0 through 1.2.9. This vulnerability allows unauthenticated users to proxy arbitrary remote content through the /_next/image endpoint, enabling attackers to load resources from external hosts under the victim site's domain. The issue arises from an unimplemented feature in the Cloudflare adapter for Open Next. A fix is available in version 1.3.0.
The SSRF vulnerability in @opennextjs/cloudflare allows attackers to load remote resources from arbitrary hosts under the victim site’s domain. This can be exploited to access internal resources that are not publicly accessible, potentially exposing sensitive data or allowing attackers to interact with internal services. For example, an attacker could craft a URL like https://victim-site.com/_next/image?url=https://attacker.com to load content from their own server, effectively using the victim site as a proxy. The impact is amplified if the victim site has access to sensitive internal APIs or databases, as the attacker could potentially use the SSRF vulnerability to interact with these resources.
CVE-2025-6087 was publicly disclosed on 2025-06-16. There is currently no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is likely to emerge given the ease of exploitation and the public disclosure.
Sites using the @opennextjs/cloudflare package versions 1.0.0 through 1.2.9, particularly those deployed on Cloudflare, are at risk. Shared hosting environments that utilize this package are especially vulnerable due to the ease of exploitation and potential for widespread impact.
• nodejs / supply-chain:
  `npm list @opennextjs/cloudflare`
• generic web:
  `curl -I 'https://your-site.com/_next/image?url=https://evil.com'`
  Inspect the response headers and content to see if the request is being proxied.
disclosure
Exploit status
EPSS
0.23% (45th percentile)
CISA SSVC
The primary mitigation for CVE-2025-6087 is to upgrade to version 1.3.0 of the @opennextjs/cloudflare package. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests to the /_next/image endpoint with arbitrary URLs. Additionally, restrict network access to the Cloudflare adapter to only trusted internal resources. Monitor access logs for suspicious requests to the /_next/image endpoint originating from unexpected sources. After upgrading, confirm the vulnerability is resolved by attempting to access a known malicious URL through the /_next/image endpoint and verifying that the request is blocked or fails.
Update the @opennextjs/cloudflare package to version 1.3.0 or higher. Additionally, consider using the `remotePatterns` option in the Next.js configuration to explicitly allow only the external URLs from which images are loaded.
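An added example (not code from @opennextjs/cloudflare or Next.js) of the allow-list check that `remotePatterns` provides: a simplified re-implementation of the pattern matching, run against a constructed configuration with made-up hostnames, so that the image endpoint only fetches from hosts that are explicitly listed.

```javascript
// Added example, not code from @opennextjs/cloudflare or Next.js: an allow-list
// check in the spirit of the next.config.js `remotePatterns` option. Only URLs
// matching one entry may be fetched by the image endpoint; every other host is
// refused, which removes the open-proxy behaviour of CVE-2025-6087. Wildcards
// (simplified): `*` = exactly one hostname label or path segment, `**` = any
// number of labels at the start of a hostname or segments at the end of a path.
const remotePatterns = [ // constructed configuration, hostnames are made up
  { protocol: 'https', hostname: 'images.example.com' },
  { protocol: 'https', hostname: '**.cdn.example.net', pathname: '/media/**' },
];

// Match `value` against a dotted (hostname) or slashed (pathname) pattern.
function matchSegments(pattern, value, separator) {
  const p = pattern.split(separator);
  const v = value.split(separator);
  const openStart = p[0] === '**';
  const openEnd = p[p.length - 1] === '**';
  const fixed = p.filter(seg => seg !== '**');
  if (openStart || openEnd) {
    if (v.length < fixed.length) return false; // may be longer, never shorter
  } else if (v.length !== fixed.length) {
    return false; // no `**`: segment counts must agree exactly
  }
  // A leading `**` anchors the fixed labels to the END of the hostname, so
  // `**.cdn.example.net` is not satisfied by `cdn.example.net.attacker.com`.
  const offset = openStart ? v.length - fixed.length : 0;
  return fixed.every((seg, i) => seg === '*' || seg === v[offset + i]);
}

// Decide whether the image endpoint may fetch `urlString`.
// Only absolute URLs are considered; anything unparsable is refused.
function isAllowedImageUrl(urlString, patterns = remotePatterns) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false;
  }
  const protocol = url.protocol.replace(/:$/, ''); // 'https:' -> 'https'
  return patterns.some(p =>
    (p.protocol === undefined || p.protocol === protocol) &&
    (p.port === undefined || p.port === url.port) &&
    matchSegments(p.hostname, url.hostname, '.') &&
    (p.pathname === undefined || matchSegments(p.pathname, url.pathname, '/')));
}

// The page's example payload is refused; a listed CDN host is accepted.
console.log(isAllowedImageUrl('https://attacker.com'));                     // false
console.log(isAllowedImageUrl('https://a.cdn.example.net/media/hero.png')); // true
```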
CVE-2025-6087 is a Server-Side Request Forgery vulnerability in the @opennextjs/cloudflare package, allowing unauthenticated users to proxy requests through the /_next/image endpoint.
You are affected if you are using @opennextjs/cloudflare versions 1.0.0 through 1.2.9. Upgrade to 1.3.0 to resolve the issue.
Upgrade to version 1.3.0 of the @opennextjs/cloudflare package. As a temporary workaround, implement a WAF rule to block suspicious requests.
There is currently no confirmed active exploitation, but public PoCs are likely to emerge.
Refer to the @opennextjs project's official advisory channels for updates and further information.