CNNVD-202507-290 Information
CNNVD ID
CNNVD-202507-290
Related CVE
- CNNVD Published: 2025-07-03
Description (Chinese)
Next.js是Vercel开源的一个 React 框架。 Next.js 15.3.0至15.3.3之前版本和Vercel CLI 41.4.1至42.2.0版本存在环境问题漏洞,该漏洞源于缓存污染漏洞,可能导致返回错误内容。
Description (English)
Next.js is a react framework for Vercel ’s open source. There are environmental gaps in previous versions of Next.js 15.3.0 to 15.3.3, and in Vercel CLI 41.4.1 to 42.2.0, which stem from the cache of contamination and may lead to the return of the wrong content.
Hazard Level
Critical
Vulnerability Type
环境问题
Affected Vendor
Vercel
Published
2025-07-03
Last Modified
2026-02-24
References
https://github.com/vercel/next.js/commit/ec202eccf05820b60c6126d6411fe16766ecc066 https://github.com/vercel/next.js/issues/79346 https://github.com/vercel/next.js/releases/tag/v15.3.3 https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4 https://vercel.com/changelog/cve-2025-49005 https://access.redhat.com/security/cve/cve-2025-49005
Patch
https://github.com/vercel/next.js/releases
Share on: