Next.js Cache Poisoning Vulnerability Let Attackers Trigger DoS Condition

For the vulnerability to be exploitable, three conditions must be met simultaneously: the deployment runs an affected Next.js version (>=15.1.0 <15.1.8); it uses Incremental Static Regeneration (ISR) with cache revalidation in production mode (next start or standalone deployment); and it uses Server-Side Rendering (SSR) behind a Content Delivery Network (CDN) configured to cache 204 responses. Under these conditions, the flaw allows malicious actors to poison the cache with empty responses, causing legitimate users to receive blank pages instead of proper content.
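An exposure check for the three conditions above, as an added example that is not code from the article or from the Next.js project. The function names, the deployment fields and the sample responses are assumptions constructed for illustration; pre-release versions are reported as unknown because the stated range only names releases.

```javascript
// Parse "15.1.3", "v15.1.3" or "15.1.8-canary.2" into numeric parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? { parts: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// Compare two [major, minor, patch] arrays; returns -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Condition 1: version in >=15.1.0 <15.1.8. Pre-release and unparsable
// versions return "unknown" because the article's range covers releases only.
function versionStatus(v) {
  const p = parseVersion(v);
  if (!p || p.pre) return "unknown";
  return cmp(p.parts, [15, 1, 0]) >= 0 && cmp(p.parts, [15, 1, 8]) < 0 ? "affected" : "not-affected";
}

// Condition 3 evidence: a 204 whose Cache-Control lets a shared cache (CDN) store it.
function cacheable204(res) {
  if (res.status !== 204) return false;
  const cc = String(res.headers["cache-control"] || "").toLowerCase();
  const d = new Map(cc.split(",").map(s => s.trim().split("=")).filter(p => p[0]).map(([k, v]) => [k, v]));
  if (d.has("no-store") || d.has("private")) return false;
  const ttl = Number(d.get("s-maxage") ?? d.get("max-age") ?? 0);
  return ttl > 0 || d.has("public");
}

// Combine the three conditions for one deployment description (hypothetical shape).
function assess(dep) {
  const v = versionStatus(dep.nextVersion);
  if (v === "not-affected" || !dep.usesIsr || !dep.productionMode) return "not-exposed";
  const hits = dep.samples.filter(cacheable204).map(s => s.path);
  if (hits.length === 0) return "no-cacheable-204-observed";
  return (v === "affected" ? "exposed: " : "review: ") + hits.join(", ");
}

// Constructed sample (not from the article): origin responses as a CDN would see them.
const sample = {
  nextVersion: "15.1.4", usesIsr: true, productionMode: true,
  samples: [
    { path: "/", status: 200, headers: { "cache-control": "s-maxage=60, stale-while-revalidate" } },
    { path: "/blog/a", status: 204, headers: { "cache-control": "s-maxage=60, stale-while-revalidate" } },
    { path: "/api/ping", status: 204, headers: { "cache-control": "private, no-store" } },
  ],
};
console.log(assess(sample));
```

A page route that answers 204 with a shared-cache lifetime is the signal to act on: upgrade past the affected range and make sure the CDN does not store empty 204 responses for HTML routes.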

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 05 Jul 2025 03:15:10 +0000

