What is CVE-2025-57752?

CVE-2025-57752 is a medium-severity vulnerability in Vercel Next.js, classified under Use of Cache Containing Sensitive Information. CVSS score: 6.2/10. Published 2025-08-29.

How severe is CVE-2025-57752?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Vulnerability in Vercel Next.js

CVE-2025-57752

Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API ro…

EPSS: 0.001 (34.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Vercel Next.js — versions >= 15.0.0, < 15.4.5, < 14.2.31

Weakness classification (CWE)

CWE-524 — Use of Cache Containing Sensitive Information

References

https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v (x_refsource_CONFIRM)
https://github.com/vercel/next.js/pull/82114 (x_refsource_MISC)
https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd (x_refsource_MISC)
https://vercel.com/changelog/cve-2025-57752 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-57752?: CVE-2025-57752 is a medium-severity vulnerability in Vercel Next.js, classified under Use of Cache Containing Sensitive Information. CVSS score: 6.2/10. Published 2025-08-29.
How severe is CVE-2025-57752?: Medium severity. CVSS v3 base score is 6.2 out of 10.