CVE-2025-57752 (GCVE-0-2025-57752)
Vulnerability from cvelistv5
Published
2025-08-29 22:06
Modified
2025-09-02 19:23
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-524 - Use of Cache Containing Sensitive Information
Summary
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.
References
security-advisories@github.comhttps://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422dddPatch
security-advisories@github.comhttps://github.com/vercel/next.js/pull/82114Patch
security-advisories@github.comhttps://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5vVendor Advisory
security-advisories@github.comhttps://vercel.com/changelog/cve-2025-57752Vendor Advisory
Impacted products
Vendor Product Version
vercel next.js Version: >= 15.0.0, < 15.4.5
Version: < 14.2.31
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T19:23:30.318403Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T19:23:39.835Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "next.js",
          "vendor": "vercel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 15.0.0, \u003c 15.4.5"
            },
            {
              "status": "affected",
              "version": "\u003c 14.2.31"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-524",
              "description": "CWE-524: Use of Cache Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T22:06:27.240Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v"
        },
        {
          "name": "https://github.com/vercel/next.js/pull/82114",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vercel/next.js/pull/82114"
        },
        {
          "name": "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd"
        },
        {
          "name": "https://vercel.com/changelog/cve-2025-57752",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://vercel.com/changelog/cve-2025-57752"
        }
      ],
      "source": {
        "advisory": "GHSA-g5qg-72qw-gw5v",
        "discovery": "UNKNOWN"
      },
      "title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-57752",
    "datePublished": "2025-08-29T22:06:27.240Z",
    "dateReserved": "2025-08-19T15:16:22.916Z",
    "dateUpdated": "2025-09-02T19:23:39.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-57752\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-29T22:15:31.963\",\"lastModified\":\"2025-09-08T16:43:50.330\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-524\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"14.2.31\",\"matchCriteriaId\":\"88CF5491-9D3E-4538-B7F4-9B2FACB57878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.4.5\",\"matchCriteriaId\":\"2FE23799-8927-4736-934B-BC2BB6F9BB63\"}]}]}],\"references\":[{\"url\":\"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vercel/next.js/pull/82114\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://vercel.com/changelog/cve-2025-57752\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-57752\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-02T19:23:30.318403Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-02T19:23:34.653Z\"}}], \"cna\": {\"title\": \"Next.js Affected by Cache Key Confusion for Image Optimization API Routes\", \"source\": {\"advisory\": \"GHSA-g5qg-72qw-gw5v\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"vercel\", \"product\": \"next.js\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 15.0.0, \u003c 15.4.5\"}, {\"status\": \"affected\", \"version\": \"\u003c 14.2.31\"}]}], \"references\": [{\"url\": \"https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v\", \"name\": \"https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/vercel/next.js/pull/82114\", \"name\": \"https://github.com/vercel/next.js/pull/82114\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd\", \"name\": \"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://vercel.com/changelog/cve-2025-57752\", \"name\": \"https://vercel.com/changelog/cve-2025-57752\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-524\", \"description\": \"CWE-524: Use of Cache Containing Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-29T22:06:27.240Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-57752\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-02T19:23:39.835Z\", \"dateReserved\": \"2025-08-19T15:16:22.916Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-29T22:06:27.240Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.