VDB
CVE-2025-49826
CVE-2025-49826
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Next.js ist ein Framework für React-basierte Web-Anwendungen.
EPSS 0.17% · 38.1th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.17%
38.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vercel | Vercel Next.js <15.2.0 |
Timeline
- Jan 21, 1970 Security Advisory
- Jul 3, 2025 CVE Published
- Jul 3, 2025 Coalition ESS Score
- Jul 3, 2025 Coalition ESS Score
- Jul 3, 2025 PoC Published
- Jul 3, 2025 PoC Published
- Jul 4, 2025 EPSS Score
- Jul 4, 2025 PoC Published
- Jul 4, 2025 PoC Published
- Jul 4, 2025 PoC Published
- Jul 4, 2025 PoC Published
- Jul 5, 2025 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1456.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1456 advisory
- https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r advisory
- https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4 advisory