DevVercel10 months ago

CVE-2025-57822

2 min read

A Server-Side Request Forgery vulnerability in Next.js Middleware affected versions before v14.2.32 and v15.4.7. Misconfigured NextResponse.next calls could let attackers redirect internal requests. A patch on August 25, 2025 fixed the issue for Vercel customers. Self-hosted deployments remain exploitable if not upgraded.

Level

Hype check

Tap to vote and see what everyone thinks.

#next.js #ssrf #security

Read full story

More to chew on!

AI36 minutes ago

Apple Issues AI Warning in iOS 26.5.2 Update

Summary by ByteBrief

More to chew on!

AI36 minutes ago

Apple Issues AI Warning in iOS 26.5.2 Update