CVE-2025-57822: Next.js Improper Middleware Redirect Handling Leads to SSRF
A vulnerability in Next.js Middleware has been fixed in v14.2.32 and v15.4.7. The issue occurred when request headers were directly passed into NextResponse.next(). In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response.
All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.
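The advisory's fix for application code is to stop handing the raw incoming headers object to NextResponse.next() and instead forward a deliberately constructed copy. The block below is an added example written for this page, not code from the advisory or from the Next.js project: it builds an allowlisted copy of the client's headers with the standard Headers class and includes a small defender-side check that reports which request headers a middleware would echo verbatim. The allowlist, the sample headers and the header name "x-client-controlled" are constructed for illustration; the page does not say which headers Next.js treated as sensitive, so no claim is made about specific header names. The two NextResponse.next() calls appear only in comments, since the runnable part needs nothing from Next.js.

```javascript
// Added example (not from the advisory or the Next.js project): build a fresh
// Headers object containing only an explicit allowlist, so middleware never
// passes the raw incoming request headers straight into NextResponse.next().

// Hypothetical allowlist of headers the middleware legitimately forwards.
// Which headers are safe is an assumption here; the advisory does not list them.
const FORWARD_ALLOWLIST = new Set(["accept", "accept-language", "user-agent"]);

/**
 * Return a new Headers object holding only allowlisted entries copied from
 * `incoming`. Everything else supplied by the client is dropped rather than
 * reflected into the response or the forwarded request.
 */
function selectForwardHeaders(incoming, allowlist = FORWARD_ALLOWLIST) {
  const out = new Headers();
  for (const [name, value] of incoming) {
    // Headers iteration yields lowercased names, but normalise anyway.
    if (allowlist.has(name.toLowerCase())) out.set(name, value);
  }
  return out;
}

/**
 * Defender-side check: given the client's request headers and the headers a
 * middleware is about to emit, list the names copied through verbatim.
 * Any name outside the intended allowlist means client input is being reflected.
 */
function reflectedHeaders(incoming, outgoing) {
  const reflected = [];
  for (const [name, value] of incoming) {
    if (outgoing.get(name) === value) reflected.push(name.toLowerCase());
  }
  return reflected.sort();
}

// Constructed sample request headers, including one the client should not be
// able to inject into what the middleware emits (name is made up for the demo).
const sampleIncoming = new Headers({
  "accept": "text/html",
  "user-agent": "example-client/1.0",
  "x-client-controlled": "value-the-server-should-not-echo",
});

// Vulnerable shape described by the advisory (passing the incoming object through):
//   return NextResponse.next({ request: { headers: request.headers } });
// Hardened shape (forward only the filtered copy):
//   return NextResponse.next({ request: { headers: selectForwardHeaders(request.headers) } });

/** Compare what each pattern would reflect back; returns sorted name lists. */
function demo() {
  const passthrough = new Headers(sampleIncoming);       // vulnerable pattern
  const filtered = selectForwardHeaders(sampleIncoming); // hardened pattern
  return {
    reflectedByPassthrough: reflectedHeaders(sampleIncoming, passthrough),
    reflectedByFiltered: reflectedHeaders(sampleIncoming, filtered),
  };
}

console.log(demo());
```

Run with a current Node.js (18 or later, where Headers is a global). The passthrough result lists every client header, including the constructed "x-client-controlled" one; the filtered result lists only the allowlisted names. In a real middleware, a non-empty difference between the two lists is the signal that the next() call is forwarding more of the client's request than it should, and an allowlist (rather than a denylist of known-bad names) keeps the fix independent of which headers a given Next.js version treats specially.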
More details at Vercel Changelog