CVE-2025-57822: Next.js Improper Middleware Redirect Handling Leads to SSRF
A vulnerability in Next.js Middleware has been fixed in v14.2.32 and v15.4.7. When next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers.
All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.
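As an added example (not part of the advisory), a small check that classifies the Next.js version actually resolved in a lockfile against the fixed releases named above; the lockfile fragment and sample versions are constructed, and any major other than 14 or 15 is reported as unknown rather than judged.

```javascript
// Added example, not from the advisory: compare an installed Next.js version
// with the fixed releases 14.2.32 (14.x line) and 15.4.7 (15.x line).
// Assumption: only those two lines are judged; other majors return "unknown".
const FIXED = { 14: [14, 2, 32], 15: [15, 4, 7] };

function parseVersion(v) {
  // Accept an optional leading "v"/"=" and capture any prerelease suffix.
  const m = /^[v=]?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: m.slice(1, 4).map(Number), prerelease: Boolean(m[4]) };
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Returns "fixed", "vulnerable" or "unknown". A prerelease such as
// 15.4.7-canary.3 is not the 15.4.7 release, so it is reported as unknown.
function classifyNextVersion(v) {
  const { nums, prerelease } = parseVersion(v);
  const fixed = FIXED[nums[0]];
  if (!fixed || prerelease) return 'unknown';
  return compare(nums, fixed) >= 0 ? 'fixed' : 'vulnerable';
}

// Judge the resolved version from the lockfile, not the package.json range:
// "^14.2.0" says nothing about which release is actually installed.
function classifyLockfile(lock) {
  const entry = (lock.packages || {})['node_modules/next'];
  if (!entry || !entry.version) return 'unknown';
  return classifyNextVersion(entry.version);
}

// Constructed sample: a lockfileVersion 3 style fragment pinning a pre-fix release.
const sampleLock = { packages: { 'node_modules/next': { version: '14.2.31' } } };

const report = {
  lockfile: classifyLockfile(sampleLock),      // "vulnerable"
  patched15: classifyNextVersion('15.4.7'),    // "fixed"
};
```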
More details at Vercel Changelog