CVE-2025-49005

Risk Scores

Affected Products

Exploit Intelligence

• CIRCL seen: CVE-2025-49005 (circl-sighting)
• CIRCL seen: CVE-2025-49005 (circl-sighting)
• CIRCL seen: CVE-2025-49005 (circl-sighting)
• https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4 (circl)
• https://github.com/vercel/next.js/commit/ec202eccf05820b60c6126d6411fe16766ecc066 (circl)
• https://github.com/vercel/next.js/releases/tag/v15.3.3 (circl)
• https://vercel.com/changelog/cve-2025-49005 (circl)
• https://github.com/vercel/next.js/issues/79346 (cve.org)

Timeline

• Jan 21, 1970 Security Advisory
• Jul 3, 2025 CVE Published
• Jul 3, 2025 Coalition ESS Score
• Jul 3, 2025 PoC Published
• Jul 4, 2025 EPSS Score
• Jul 4, 2025 PoC Published
• Jul 4, 2025 PoC Published
• Jul 8, 2025 Coalition ESS Score
• Jul 9, 2025 Coalition ESS Score
• Jul 14, 2025 EPSS Score
• Jul 23, 2025 EPSS Score
• Aug 2, 2025 EPSS Score

References

• https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1456.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1456 advisory
• https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r advisory
• https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4 advisory