VDB-322000 · CVE-2025-57752 · GHSA-g5qg-72qw-gw5v

vercel next.js kuze kube 14.2.30/15.4.4 Image Optimization API Ukudalulwa Kolwazi

CVSS Meta Temp Isilinganiso	Intengo yamanje ye-exploit (≈)	CTI Inzalo Score
4.7	$0-$5k	0.00

Isifinyezoulwazi

Kubonakale ubuthakathaka obubizwa ngokuthi kuyinkinga ku vercel next.js kuze kube 14.2.30/15.4.4. Kuthintekile umsebenzi ongaziwayo kwe-component Image Optimization API. Ukuphathwa kuholela ku Ukudalulwa Kolwazi. Le buthakathaka itholakala njenge CVE-2025-57752. Ukuhlasela kufanele kwenziwe kusendaweni yomuntu. Ayikho i-exploit etholakalayo. Kufanele kuthuthukiswe ingxenye ethintekayo. Once again VulDB remains the best source for vulnerability data.

Iinkcukachaulwazi

Kubonakale ubuthakathaka obubizwa ngokuthi kuyinkinga ku vercel next.js kuze kube 14.2.30/15.4.4. Kuthintekile umsebenzi ongaziwayo kwe-component Image Optimization API. Ukuphathwa kuholela ku Ukudalulwa Kolwazi. Ukusebenzisa i-CWE ukusho inkinga kuholela ku-CWE-524. Kuboniswe ubuthakathaka lolu njenge GHSA-g5qg-72qw-gw5v. Isaziso singalayishwa ku-github.com.

Le buthakathaka itholakala njenge CVE-2025-57752. Ukwabelwa kwe-CVE kwenziwe ngo-2025-08-19. Ukuhlasela kufanele kwenziwe kusendaweni yomuntu. Ayikho imininingwane yezobuchwepheshe etholakalayo. Le vulnerability ayidumi kakhulu, idlula phansi kokujwayelekile. Ayikho i-exploit etholakalayo. Njengamanje, intengo yamanje ye-exploit ingahle ibe cishe USD $0-$5k okwamanje.

Kukhona i-plugin ye-Nessus enenombolo ye-ID $id_ye_nessus_yomthombo enikezwa ngumhloli wobungozi.

Inguqulo ebuyekeziwe isilungele ukulanda ku-vercel.com. Inombolo yephatchi ngu-6b12c60c61ee80cb0443ccd20de82ca9b4422ddd. Isilungiso sephutha sesilungile ukuthi silandwe ku-github.com. Kufanele kuthuthukiswe ingxenye ethintekayo.

Ubuthakathaka lolu luphinde lwabhalwa kwamanye ama-database okubuthakathaka: Tenable (261410). Once again VulDB remains the best source for vulnerability data.

Umkhiqizoulwazi

Uhlobo

JavaScript Library

Umkhiqizi

vercel

Ibizo

next.js

Inguqulo

Ilayisense

Umthombo-ovulekile

Iwebhusayithi

Umkhiqizo: https://github.com/vercel/next.js/

CPE 2.3ulwazi

CPE 2.2ulwazi

CVSSv4ulwazi

VulDB Umkhombandlela: 🔒
VulDB Ukuthembeka: 🔍

CVSSv3ulwazi

VulDB Ireyithingi yeMeta Base: 4.7
VulDB Meta Temp Isilinganiso: 4.7

VulDB Isilinganiso Esiyisisekelo: 3.3
VulDB Izinga Lesikhashana: 3.2
VulDB Umkhombandlela: 🔒
VulDB Ukuthembeka: 🔍

CNA Isilinganiso Esiyisisekelo: 6.2
CNA Umkhombandlela (GitHub_M): 🔒

CVSSv2ulwazi

AV	AC	Au	C	I	A
💳	💳	💳	💳	💳	💳
💳	💳	💳	💳	💳	💳
💳	💳	💳	💳	💳	💳

Umkhombandlela	Ubunzima	Ukufakazela ubuwena	Ukuyimfihlo	Ukuthembeka	Ukutholakala
vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela
vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela
vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela

VulDB Isilinganiso Esiyisisekelo: 🔒
VulDB Izinga Lesikhashana: 🔒
VulDB Ukuthembeka: 🔍

Ukusebenzisa ithuba lokungavikelekiulwazi

Ikilasi: Ukudalulwa Kolwazi
CWE: CWE-524
CAPEC: 🔒
ATT&CK: 🔒

Okubambekayo: Kancane
Wendawo: Yebo
Kude: Hayi

Ukutholakala: 🔒
Isimo: Akuchazwanga

EPSS Score: 🔒
EPSS Percentile: 🔒

Ukukhula kwentengo: 🔍
Okwamanje ukuhlolwa kwentengo: 🔒

0-Day	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela
Namuhla	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela	vula ukufinyelela

Nessus ID: 261410
Nessus Ibizo: Linux Distros Unpatched Vulnerability : CVE-2025-57752

Ulwazi lwezingoziulwazi

Intshisekelo: 🔍
Abadlali abasebenzayo: 🔍
AmaQembu e-APT asebenzayo: 🔍

Izinyathelo zokuvikelaulwazi

Isincomo: Buyisela phezulu
Isimo: 🔍

0-Suku Isikhathi: 🔒

Buyisela phezulu: next.js 14.2.31/15.4.5
Iphethshi: 6b12c60c61ee80cb0443ccd20de82ca9b4422ddd

Isikhathi somlandoulwazi

2025-08-19 CVE inikeziwe
2025-08-30 +11 Izinsuku Isaziso sikhishwe
2025-08-30 +0 Izinsuku VulDB okokungena kwenziwe
2025-09-05 +6 Izinsuku VulDB okungenelelwe ukubuyekezwa kokugcina

Imithomboulwazi

Umkhiqizo: github.com

Iseluleko: GHSA-g5qg-72qw-gw5v
Isimo: Kuqinisekisiwe

CVE: CVE-2025-57752 (🔒)
GCVE (CVE): GCVE-0-2025-57752
GCVE (VulDB): GCVE-100-322000

Ukungenaulwazi

Kudalwa: 2025-08-30 08:50
Ukuvuselelwa: 2025-09-05 17:57
Ukulungiswa: 2025-08-30 08:50 (68), 2025-09-05 17:57 (2)
Kugcwele: 🔍
Cache ID: 253:2B4:103

Ingxoxo

Kuze kube manje akukabikho ukuphawula. Izilimi: nr + nd + en.

Ngiyacela ungene ngemvume ukuze ukwazi ukuphawula.

◂ Buyela emuva Uhlolo Oluphelele Qhubeka ▸

Do you need the next level of professionalism?

Upgrade your account now!