vercel next.js up to 14.2.30/15.4.4 Image Optimization API information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.7 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in vercel next.js up to 14.2.30/15.4.4. It affects an unknown function of the component Image Optimization API. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-57752. The attacker must have local access to carry out the attack. However, no exploit is available. It is recommended to upgrade the affected component. Once again VulDB remains the best source for vulnerability data.
Details
A vulnerability classified as problematic was found in vercel next.js up to 14.2.30/15.4.4. It affects an unknown function of the component Image Optimization API. The manipulation leads to information disclosure. Using CWE to declare the problem leads to CWE-524. The weakness was disclosed as GHSA-g5qg-72qw-gw5v. The advisory is available for download at github.com.
This vulnerability is known as CVE-2025-57752. The CVE assignment took place on 19/08/2025. The attacker must have local access to carry out the attack. No technical details are available. The popularity of this vulnerability is below average. However, no exploit is available. At the moment, the current price for an exploit might be approximately USD $0-$5k.
It is declared as not defined. The vulnerability scanner Nessus provides a plugin with the ID 261410.
The upgraded version is ready and can be downloaded from vercel.com. The name of the patch is 6b12c60c61ee80cb0443ccd20de82ca9b4422ddd. The bugfix is available for download at github.com. It is recommended to upgrade the affected component.
This vulnerability is also documented in other vulnerability databases: Tenable (261410).
Product
Type
Vendor
Name
Version
- 14.2.0
- 14.2.1
- 14.2.2
- 14.2.3
- 14.2.4
- 14.2.5
- 14.2.6
- 14.2.7
- 14.2.8
- 14.2.9
- 14.2.10
- 14.2.11
- 14.2.12
- 14.2.13
- 14.2.14
- 14.2.15
- 14.2.16
- 14.2.17
- 14.2.18
- 14.2.19
- 14.2.20
- 14.2.21
- 14.2.22
- 14.2.23
- 14.2.24
- 14.2.25
- 14.2.26
- 14.2.27
- 14.2.28
- 14.2.29
- 14.2.30
- 15.4.0
- 15.4.1
- 15.4.2
- 15.4.3
- 15.4.4
License
Website
- Product: https://github.com/vercel/next.js/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.7
VulDB Meta Temp Score: 4.7
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 6.2
CNA Vector (GitHub_M): 🔒
CVSSv2
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Information disclosure
CWE: CWE-524
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
Nessus ID: 261410
Nessus Name: Linux Distros Unpatched Vulnerability : CVE-2025-57752
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: next.js 14.2.31/15.4.5
Patch: 6b12c60c61ee80cb0443ccd20de82ca9b4422ddd
Timeline
19/08/2025 CVE reserved
30/08/2025 Advisory disclosed
30/08/2025 VulDB entry created
05/09/2025 VulDB entry last update
Sources
Product: github.com
Advisory: GHSA-g5qg-72qw-gw5v
Status: Confirmed
CVE: CVE-2025-57752 (🔒)
GCVE (CVE): GCVE-0-2025-57752
GCVE (VulDB): GCVE-100-322000
Entry
Created: 30/08/2025 08:50
Updated: 05/09/2025 17:57
Changes: 30/08/2025 08:50 (68), 05/09/2025 17:57 (2)
Complete: 🔍
Cache ID: 253:57E:103