CNNVD-202508-3486 Information

CNNVD ID

CNNVD-202508-3486

Related CVE

CVE-2025-57752

• CNNVD Published: 2025-08-29

Description (Chinese)

Next.js是Vercel开源的一个 React 框架。 Next.js 14.2.31之前版本和15.0.0至15.4.5之前版本存在安全漏洞，该漏洞源于缓存键混淆，可能导致未经授权的用户访问。

Description (English)

Next.js is a react framework for Vercel ’s open source. Next.js 14.2.31 and 15.0.0 to 15.4.5 have a security loophole, which stems from the confusion of the cache key and may lead to unauthorized user access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Versa

Published

2025-08-29

Last Modified

2026-02-24

References

https://vercel.com/changelog/cve-2025-57752 https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v https://github.com/vercel/next.js/pull/82114 https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd https://access.redhat.com/security/cve/cve-2025-57752 https://nvd.nist.gov/vuln/detail/CVE-2025-57752

Patch

https://github.com/vercel/next.js/releases