Platform
nodejs
Component
next
Fixed in
14.2.33
15.4.8
14.2.32
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Next.js Middleware. It arises when middleware passes the incoming request's headers directly into NextResponse.next(), so that attacker-controlled headers are reflected by the server; in self-hosted applications this lets an attacker forge requests that the server itself issues. The vulnerability affects 14.x releases before v14.2.32 and 15.x releases before v15.4.7, and users are strongly advised to upgrade.
Because the forged request is issued by the Next.js server, it carries the server's network position: an attacker can reach internal resources that are not exposed to the Internet, read data from them and, where an internal service reachable from the server is itself vulnerable, potentially chain to remote code execution. The impact is greatest in self-hosted environments where the middleware handles incoming requests and the server can talk to other internal systems. Successful exploitation can be used to scan internal networks, access sensitive data on internal servers or manipulate internal services, bypassing network-level security controls.
The vulnerability was publicly disclosed on August 29, 2025. At the time of writing there is no indication of active exploitation campaigns and no KEV listing. The impact is limited to self-hosted Next.js applications, which narrows the exposed population.
Organizations running self-hosted Next.js applications are at risk, particularly those whose custom middleware passes request headers through NextResponse.next(). Deployments without strict validation of incoming headers are especially exposed, as are teams that are not aware of the SSRF implications of reflecting request headers in the middleware response.
• nodejs: Inspect middleware code (middleware.ts or middleware.js and any helpers it calls) for NextResponse.next() calls that receive the incoming request's headers. Use grep to search for patterns such as NextResponse.next({ headers: request.headers }); the variable may be named req, and the headers may be wrapped in new Headers(...).
• generic web: Monitor egress logs (firewall, proxy or network-flow logs) rather than HTTP access logs for unusual outbound connections from the Next.js application server, in particular to internal IP ranges or sensitive internal services the application never legitimately calls.
• generic web: Check whether the middleware reflects request headers. Send a request with a distinctive, harmless header and look for it among the response headers, e.g. curl -sv -H 'X-Canary: probe' <url>; a reflected X-Canary indicates the header pass-through pattern and warrants a code review.
disclosure
Exploit Status
EPSS
5.63% (90th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-57822 is to upgrade to Next.js 14.2.32 or 15.4.7 (or a later release of the same line). If an immediate upgrade is not feasible, review all custom middleware and make sure the incoming request's headers are never passed directly into NextResponse.next(); where request headers must be forwarded, pass the request object explicitly or copy only the specific headers the application needs, so that attacker-supplied headers are not reflected. A Web Application Firewall can additionally strip or block requests carrying headers the middleware has no reason to accept. After upgrading, confirm that the resolved next version in the lockfile is at or above the fixed release, and re-check that no middleware still uses the pass-through pattern.
Update Next.js to version 14.2.32 or later. If you are on version 15, update to 15.4.7 or later. Check that the `next()` function is used correctly in your custom middleware, making sure to pass the request object explicitly.
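The middleware review described above, and the grep step in the detection list earlier on this page, can be automated. The scanner below is an added example written for this page, not code from the advisory or from the Next.js project: it is a text-level check (not a JavaScript parser) that reports NextResponse.next() calls whose response `headers` option is the incoming request's headers object, the pattern the advisory describes, and leaves the explicit `request` form alone. The middleware sources it scans are constructed samples, and treating the documented request-side form `NextResponse.next({ request: { headers } })` as outside that pattern is this example's own assumption.

```javascript
// Added example for this page, not code from the advisory or the Next.js project.
// A text-level scanner (not a JavaScript parser) for the pattern the advisory
// names: NextResponse.next() receiving the request's headers object as its
// response `headers` option. The sample middleware sources are constructed.

// Argument text of every `callee(...)` call, with parentheses balanced so that
// nested calls inside the arguments stay intact.
function extractCalls(source, callee) {
  const calls = [];
  let from = 0;
  for (;;) {
    const start = source.indexOf(callee + '(', from);
    if (start < 0) break;
    let depth = 0;
    let end = start + callee.length; // index of the opening '('
    for (; end < source.length; end++) {
      if (source[end] === '(') depth++;
      else if (source[end] === ')' && --depth === 0) break;
    }
    calls.push({ index: start, args: source.slice(start + callee.length + 1, end) });
    from = end;
  }
  return calls;
}

// Depth-1 entries of an object literal `{ ... }` as { key, value }; shorthand
// properties such as `{ request }` yield value === key.
function topLevelEntries(objectText) {
  const text = objectText.trim();
  if (!text.startsWith('{')) return [];
  const segments = [];
  let depth = 0;
  let segStart = 1;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if ('{(['.includes(c)) depth++;
    else if ('})]'.includes(c)) depth--;
    if (depth === 0 || (c === ',' && depth === 1)) {
      segments.push(text.slice(segStart, i));
      segStart = i + 1;
      if (depth === 0) break;
    }
  }
  return segments.map((s) => s.trim()).filter(Boolean).map((s) => {
    const m = s.match(/^(\w+)\s*(?::\s*([\s\S]+))?$/);
    return m ? { key: m[1], value: (m[2] ?? m[1]).trim() } : { key: s, value: s };
  });
}

// Heuristic: a `headers` value that is, or wholesale-copies, an incoming headers
// object (`request.headers`, `req.headers`, `new Headers(request.headers)`).
const WHOLE_HEADERS = /^(?:new\s+Headers\(\s*)?\w+\.headers\s*\)?$/;

// One finding per NextResponse.next() call whose response `headers` option is the
// request's whole header set. Returns [{ line, value }].
function scanMiddleware(source) {
  const findings = [];
  for (const call of extractCalls(source, 'NextResponse.next')) {
    for (const { key, value } of topLevelEntries(call.args)) {
      if (key === 'headers' && WHOLE_HEADERS.test(value)) {
        findings.push({ line: source.slice(0, call.index).split('\n').length, value });
      }
    }
  }
  return findings;
}

// Constructed middleware bodies standing in for files read from disk.
const SAMPLES = {
  // The pattern the advisory names: every incoming header is reflected in the response.
  passthrough: `
export function middleware(request) {
  return NextResponse.next({ headers: request.headers });
}`,
  // The mitigation the advisory recommends: pass the request object explicitly.
  explicitRequest: `
export function middleware(request) {
  return NextResponse.next({ request });
}`,
  // Request-side forwarding of a modified copy; assumed here to be outside the
  // pattern, since nothing is copied into the response headers.
  forwardRequest: `
export function middleware(request) {
  const requestHeaders = new Headers(request.headers);
  requestHeaders.set('x-request-id', crypto.randomUUID());
  return NextResponse.next({ request: { headers: requestHeaders } });
}`,
  // Reflecting one chosen header is deliberate and is not the wholesale pattern.
  selective: `
export function middleware(request) {
  return NextResponse.next({ headers: { 'x-trace-id': request.headers.get('x-trace-id') ?? '' } });
}`,
};

for (const [name, source] of Object.entries(SAMPLES)) {
  const hits = scanMiddleware(source);
  console.log(name + ': ' + (hits.length ? 'FLAGGED at line ' + hits.map((h) => h.line).join(', ') : 'ok'));
}
```

Run it with node. To scan a real project, replace the SAMPLES map with the contents of middleware.ts (or .js) read from disk. A hit is a pointer for review, not proof of exploitability, and a clean result does not replace upgrading to the fixed release.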
CVE-2025-57822 is a Medium-severity SSRF vulnerability in Next.js Middleware: when middleware passes request headers directly into NextResponse.next(), attackers can forge requests from self-hosted applications.
You are affected if you self-host a Next.js application on a version before v14.2.32 or v15.4.7 and your custom middleware passes the request's headers into NextResponse.next().
Upgrade to Next.js 14.2.32 or 15.4.7 (or later). Review custom middleware so that request headers are not reflected through NextResponse.next().
There is currently no indication of active exploitation campaigns related to CVE-2025-57822.
You can find the official advisory at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57822)