CNNVD-202508-3487 Information

CNNVD ID

CNNVD-202508-3487

Related CVE

CVE-2025-55173

• CNNVD Published: 2025-08-29

Description (Chinese)

Next.js是Vercel开源的一个 React 框架。 Next.js 14.2.31之前版本和15.0.0至15.4.5之前版本存在输入验证错误漏洞，该漏洞源于图像优化功能内容注入，可能导致钓鱼攻击。

Description (English)

Next.js is a react framework for Vercel ’s open source. Next.js 14.2.31 and 15.0.0 to 15.4.5 have input validation error holes, which stem from the input of image optimization functionality, which may lead to fishing attacks.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

Versa

Published

2025-08-29

Last Modified

2026-02-24

References

https://vercel.com/changelog/cve-2025-55173 https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd https://nvd.nist.gov/vuln/detail/CVE-2025-55173 https://access.redhat.com/security/cve/cve-2025-55173

Patch

https://github.com/vercel/next.js/releases