Main Vulnerability Database Vulnerabilities #VU112181

#VU112181 Input validation error in Next.js - CVE-2025-49826

Published: July 4, 2025

Vulnerability identifier: #VU112181

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-49826

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Next.js

Software vendor:
vercel

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the application code that can lead to caching of HTTP 204 response and serving it for static pages. A remote attacker can poison the web application cache and perform a denial of service attack.

Remediation

Install updates from vendor's website.

External links

https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93
https://github.com/vercel/next.js/releases/tag/v15.1.8
https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r
https://vercel.com/changelog/cve-2025-49826

#VU112181 Input validation error in Next.js - CVE-2025-49826

Description

Remediation

External links

Please verify you're human