CVE-2025-27415: Nuxt allows DOS via cache poisoning with payload rendering response

March 19, 2025 (updated March 20, 2025)

By sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site.

It is possible to craft a request, such as https://mysite.com/?/_payload.json which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served to future visitors to the site.

References

github.com/advisories/GHSA-jvhm-gjrh-3h93
github.com/nuxt/nuxt
github.com/nuxt/nuxt/security/advisories/GHSA-jvhm-gjrh-3h93
nvd.nist.gov/vuln/detail/CVE-2025-27415

Detect and mitigate CVE-2025-27415 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →