{"vulnerability": "CVE-2025-32421", "sightings": [{"uuid": "b3be03cd-01f4-4360-a4a7-f1e494e1fa38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbwlfhp2z", "content": "", "creation_timestamp": "2025-08-03T21:02:51.663140Z"}, {"uuid": "f4297c3d-ba18-49ec-8853-32626e31d2fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp6jdwqmgk2h", "content": "", "creation_timestamp": "2025-05-15T02:57:34.451168Z"}, {"uuid": "7552ab99-da85-4363-89f0-bb0e00537172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32421", "type": "seen", "source": "https://bsky.app/profile/rss.y-u-e.workers.dev/post/3lp75m522gm2j", "content": "", "creation_timestamp": "2025-05-15T09:00:04.908084Z"}, {"uuid": "410f2c85-980d-46fc-8952-6ec22b9c8b97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/60798", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC Lab for CVE-2025-32421 \u2013 Next.js Race Condition Cache Poisoning Simulation\nURL\uff1ahttps://github.com/Delfaster/CVE-2025-32421---Race-Condition-Vulnerability---Next.js\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-11-26T02:05:05.000000Z"}, {"uuid": "037d5232-5202-4a12-8f4c-1ed904d040ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "published-proof-of-concept", "source": "Telegram/C0EikeVGY605GXw1I5iTyWla58luFWPrSrA9WeVG8BlKYEE", "content": "", "creation_timestamp": "2025-11-26T09:00:05.000000Z"}, {"uuid": "574ff50c-4fcc-46c8-9aa1-3b3dce216b96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "published-proof-of-concept", "source": "Telegram/YnrXjW7DDI_WEWlhao3IfxIXMJoRX7WZclhhkalIebmTXIk", "content": "", "creation_timestamp": "2025-10-11T15:00:06.000000Z"}, {"uuid": "e9713409-0952-40a1-8419-19675d6f9f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16435", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32421\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel's platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content development network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit cache-control headers.\n\ud83d\udccf Published: 2025-05-14T22:56:45.624Z\n\ud83d\udccf Modified: 2025-05-14T22:56:45.624Z\n\ud83d\udd17 References:\n1. https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4\n2. https://vercel.com/changelog/cve-2025-32421", "creation_timestamp": "2025-05-14T23:33:28.000000Z"}, {"uuid": "a7abd3fd-dcb5-4bc3-ac43-afe8b1546716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/55013", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aComprehensive demonstration of CVE-2025-32421 Eclipse technique - a sophisticated race condition attack against Next.js 15.0.4 that bypasses the original CVE-2024-46982 patch.\nURL\uff1ahttps://github.com/hidesec/CVE-2025-32421\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-10-11T07:26:50.000000Z"}]}