{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-57752", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-08-19T15:16:22.916Z", "datePublished": "2025-08-29T22:06:27.240Z", "dateUpdated": "2025-09-02T19:23:39.835Z"}, "containers": {"cna": {"title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes", "problemTypes": [{"descriptions": [{"cweId": "CWE-524", "lang": "en", "description": "CWE-524: Use of Cache Containing Sensitive Information", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v"}, {"name": "https://github.com/vercel/next.js/pull/82114", "tags": ["x_refsource_MISC"], "url": "https://github.com/vercel/next.js/pull/82114"}, {"name": "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd", "tags": ["x_refsource_MISC"], "url": "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd"}, {"name": "https://vercel.com/changelog/cve-2025-57752", "tags": ["x_refsource_MISC"], "url": "https://vercel.com/changelog/cve-2025-57752"}], "affected": [{"vendor": "vercel", "product": "next.js", "versions": [{"version": ">= 15.0.0, < 15.4.5", "status": "affected"}, {"version": "< 14.2.31", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-29T22:06:27.240Z"}, "descriptions": [{"lang": "en", "value": "Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled."}], "source": {"advisory": "GHSA-g5qg-72qw-gw5v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-02T19:23:30.318403Z", "id": "CVE-2025-57752", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T19:23:39.835Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-57752", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-02T19:23:30.318403Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T19:23:34.653Z"}}], "cna": {"title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes", "source": {"advisory": "GHSA-g5qg-72qw-gw5v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "vercel", "product": "next.js", "versions": [{"status": "affected", "version": ">= 15.0.0, < 15.4.5"}, {"status": "affected", "version": "< 14.2.31"}]}], "references": [{"url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v", "name": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vercel/next.js/pull/82114", "name": "https://github.com/vercel/next.js/pull/82114", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd", "name": "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd", "tags": ["x_refsource_MISC"]}, {"url": "https://vercel.com/changelog/cve-2025-57752", "name": "https://vercel.com/changelog/cve-2025-57752", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-524", "description": "CWE-524: Use of Cache Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-29T22:06:27.240Z"}}}, "cveMetadata": {"cveId": "CVE-2025-57752", "state": "PUBLISHED", "dateUpdated": "2025-09-02T19:23:39.835Z", "dateReserved": "2025-08-19T15:16:22.916Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-08-29T22:06:27.240Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "88CF5491-9D3E-4538-B7F4-9B2FACB57878", "versionEndExcluding": "14.2.31", "vulnerable": true}, {"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "2FE23799-8927-4736-934B-BC2BB6F9BB63", "versionEndExcluding": "15.4.5", "versionStartIncluding": "15.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled."}], "id": "CVE-2025-57752", "lastModified": "2025-09-08T16:43:50.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-08-29T22:15:31.963", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vercel/next.js/pull/82114"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://vercel.com/changelog/cve-2025-57752"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-524"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API Routes", "id": "2392060", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392060"}, "csaw": false, "cwe": "CWE-524", "details": ["Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled."], "mitigation": {"lang": "en:us", "value": "As a mitigation, developers/admins should avoid serving images that depend on sensitive request headers (such as Cookie or Authorization) through the Image Optimization API. Instead, these images can be served directly without optimization or with caching disabled to prevent unintended exposure to unauthorized users."}, "name": "CVE-2025-57752", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "dotnet7.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Fix deferred", "package_name": "rhtas/rekor-search-ui-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:amq_streams:2", "fix_state": "Fix deferred", "package_name": "com.github.streamshub-console", "product_name": "streams for Apache Kafka 2"}, {"cpe": "cpe:/a:redhat:amq_streams:3", "fix_state": "Fix deferred", "package_name": "com.github.streamshub-console", "product_name": "streams for Apache Kafka 3"}], "public_date": "2025-08-29T22:06:27Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-57752\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-57752\nhttps://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd\nhttps://github.com/vercel/next.js/pull/82114\nhttps://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v\nhttps://vercel.com/changelog/cve-2025-57752"], "statement": "This vulnerability is considered Moderate because it only impacts applications that both (1) serve images through API routes where responses vary based on sensitive request headers, and (2) have image optimization enabled. In most common Next.js deployments, static images or header-independent responses are used, meaning the bug has no effect. Additionally, the exposure is limited to cached image content rather than direct access to underlying APIs or application data. Since it does not allow arbitrary code execution, privilege escalation, or broad data leakage by default, the impact is constrained to specific configurations, making it a Moderate issue rather than a Important flaw.", "threat_severity": "Moderate"}

{"created": "2025-08-31T08:41:33.165984+00:00", "updated": "2025-08-31T08:41:33.166102+00:00", "vendors": ["vercel", "vercel$PRODUCT$next.js"]}