CVE-2025-48068

Sažetak

Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in version 15.2.2.

Reference

https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r
https://vercel.com/changelog/cve-2025-48068

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

30-05-2025 - 16:31

Objavljeno

30-05-2025 - 04:15