CVE-2025-49826 (GCVE-0-2025-49826)
Vulnerability from cvelistv5
Published
2025-07-03 21:03
Modified
2025-07-03 21:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Summary
Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page. This issue has been addressed in version 15.1.8.
References
security-advisories@github.comhttps://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93
security-advisories@github.comhttps://github.com/vercel/next.js/releases/tag/v15.1.8
security-advisories@github.comhttps://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r
security-advisories@github.comhttps://vercel.com/changelog/cve-2025-49826
Impacted products
Vendor Product Version
vercel next.js Version: >= 15.0.4-canary.51, < 15.1.8
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "next.js",
          "vendor": "vercel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 15.0.4-canary.51, \u003c 15.1.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page. This issue has been addressed in version 15.1.8."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-03T21:15:19.153Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r"
        },
        {
          "name": "https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93"
        },
        {
          "name": "https://github.com/vercel/next.js/releases/tag/v15.1.8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vercel/next.js/releases/tag/v15.1.8"
        },
        {
          "name": "https://vercel.com/changelog/cve-2025-49826",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://vercel.com/changelog/cve-2025-49826"
        }
      ],
      "source": {
        "advisory": "GHSA-67rr-84xm-4c7r",
        "discovery": "UNKNOWN"
      },
      "title": "Next.js DoS vulnerability via cache poisoning"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49826",
    "datePublished": "2025-07-03T21:03:24.346Z",
    "dateReserved": "2025-06-11T14:33:57.799Z",
    "dateUpdated": "2025-07-03T21:15:19.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-49826\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-07-03T21:15:27.287\",\"lastModified\":\"2025-07-03T22:15:21.010\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page. This issue has been addressed in version 15.1.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"references\":[{\"url\":\"https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vercel/next.js/releases/tag/v15.1.8\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://vercel.com/changelog/cve-2025-49826\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.