What is CVE-2025-57822?

A medium-severity SSRF vulnerability exists in Vercel's Next.js framework affecting versions prior to 14.2.32 and 15.4.7. Users should upgrade their installations immediately to mitigate risks.

What is the severity of CVE-2025-57822?

CVE-2025-57822 has a severity rating of MEDIUM with a CVSS base score of 6.5.

CVE-2025-57822 | Medium Vulnerability in Vercel Next.js

This vulnerability allows

an attacker to exploit server-side request forgery (SSRF) issues in self-hosted applications built with Next.js. The risk to organizations includes unauthorized access to internal services.

The CVSS score of 6.5 categorizes this vulnerability as medium severity, indicating that it could be exploited under certain conditions. Organizations utilizing affected versions should prioritize patching to prevent potential exploitation.

All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade to Next.js versions 14.2.32 or 15.4.7, which contain fixes for this vulnerability.

Organizations should address in priority patch cycle.

Vulnerability Details

Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers.

The CVSS score of 6.5 reflects the medium severity of this vulnerability, with a high attack complexity and no required privileges or user interaction.

The vulnerability is classified under CWE-918, indicating a potential for SSRF vulnerabilities. The publication date for this CVE is August 29, 2025.

Technical Analysis

The root cause of this vulnerability stems from improper handling of user-supplied headers when the next() function is called without the request object. This oversight allows attackers to potentially manipulate server requests, leading to SSRF.

The attack vector is classified as NETWORK, meaning that it could be exploited remotely. The attack complexity is rated as high, requiring a deep understanding of the middleware logic implemented by the developers.

No privileges are required for exploitation, and user interaction is not necessary. The confidentiality impact is high, as it could allow access to sensitive internal resources, while the integrity impact is low, with no availability impact.

Risk & Impact Analysis

In real-world deployments, this vulnerability presents a significant risk, particularly for organizations using Next.js in self-hosted environments. The potential for unauthorized access to sensitive internal systems increases the blast radius, making it essential for organizations to address this vulnerability.

With a CVSS score of 6.5, the urgency for remediation is moderate. Organizations should schedule remediation to ensure that their applications are secure and that users are not exposed to unnecessary risks.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of Next.js are those prior to 14.2.32 and 15.4.7. All users are recommended to upgrade to these versions to mitigate the risk of exploitation.

Mitigation & Remediation

To mitigate this vulnerability, users should upgrade to Next.js versions 14.2.32 or 15.4.7. If upgrading is not immediately possible, organizations should review and update their middleware logic to ensure correct handling of user-supplied headers.

For further assistance, organizations can consider engaging in penetration testing to validate the effectiveness of their security measures.

Detection Guidance

Organizations should monitor application logs for any unusual requests or behaviors that could indicate attempts to exploit this vulnerability. Additionally, reviewing custom middleware implementations can help identify potential weaknesses.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-57822 lies in its demonstration of how SSRF vulnerabilities can arise from improper handling of requests in web frameworks.

Organizations should learn from this incident to strengthen their application security posture by implementing thorough code reviews and security testing best practices.

For further reading on security testing methodologies, consider reviewing our guide on penetration testing methodologies and how they can help identify similar vulnerabilities.

Finally, organizations may also benefit from our resources on vulnerability management programs to enhance their overall security framework.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-57822: Medium Vulnerability in Vercel Next.js