Critical Next.js Cache Poisoning Bug CVE‑2025‑49826 Risks DoS for SSR/ISR Sites

Sunday, 20 July

Monday, 7 July, 2025

Critical Next.js Cache Poisoning Bug CVE‑2025‑49826 Risks DoS for SSR/ISR Sites

A critical cache poisoning vulnerability (CVE‑2025‑49826) in Next.js 15.1.0–15.1.7 allows attackers to poison CDN caches with blank 204 responses, triggering denial-of-service across SSR/ISR apps under specific revalidation setups. Exploitation requires static regeneration, server-side rendering, and CDN caching of 204s. The issue is patched in Next.js 15.1.8+—developers are urged to upgrade immediately to prevent blank-page DoS attacks.

Read full story at Cybersecurity News

Tags:developers DoS attacks CDN

Categories

Critical Next.js Cache Poisoning Bug CVE‑2025‑49826 Risks DoS for SSR/ISR Sites

Also Read

OpenAI Partners with Google Cloud to Scale AI Compute Capacity

IBM Launches Agentic AI Innovation Center in Bengaluru to Power Enterprise AI Agents

Trump Signs GENIUS Act, Creating First U.S. Stablecoin Framework

Perplexity AI Eyes Mobile Dominance by Pre-Installing Comet AI Browser with OEMs

Reliance Launches Ajio Rush for 4‑Hour Fashion Delivery Amid Quick Commerce Boom

Microsoft to Sign EU AI Code of Practice as Meta Opts Out, Splitting Big Tech

IIT Students Tape Out 8 Chipsets, Sent to Fabs Under India Semiconductor Push

xAI’s Grok Teased with Meme Generator Feature—“Something Very Cool Is Brewing”

Microsoft to Embrace EU AI Code of Practice, While Meta Opts Out Over Legal Concerns

Subscribe To Our Newsletter.