CVE-2025-55182 – Next.js
CVSS 10
CRITICAL
“When a web framework fails at its core, every app built on it inherits the risk.”
Next.js addressed CVE-2025-55182, a critical vulnerability that allows remote code execution in affected applications. The flaw impacts core framework functionality and can be exploited through crafted requests, potentially allowing attackers to execute arbitrary code on servers running vulnerable Next.js applications.
CVE-2025-55182 has a CVSS score of 10.0, which is Critical severity. Active exploitation has been observed, confirming real-world attacks are already targeting this issue. The patch fixes the vulnerable request handling logic and strengthens validation to prevent unauthorized code execution.
Key Details
- Affected Product
- Facebook React
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-502
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.