Home > Vulnerability Database > CVE-2025-57752

Mend.io Vulnerability Database

CVE-2025-57752

Good to know:

Date: August 29, 2025

Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.

Severity Score

6.2

Related Resources (7)

Url: https://vercel.com/changelog/cve-2025-57752

Url: https://github.com/vercel/next.js/pull/82114

Url: https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v

Url: https://github.com/vercel/next.js

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-57752

Url: https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd

Url: https://www.mend.io/vulnerability-database/CVE-2025-57752

Severity Score

6.2

Weakness Type (CWE)

Use of Cache Containing Sensitive Information

CWE-524

Top Fix

Upgrade Version

Upgrade to version next - 15.4.5;next - 14.2.31

Learn More

CVSS v3.1

Base Score:	6.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-57752

Good to know:

Date: August 29, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?