Critical Next.js Cache Poisoning Bug CVE‑2025‑49826 Risks DoS for SSR/ISR Sites

Sunday, 4 January

Monday, 7 July, 2025

Critical Next.js Cache Poisoning Bug CVE‑2025‑49826 Risks DoS for SSR/ISR Sites

A critical cache poisoning vulnerability (CVE‑2025‑49826) in Next.js 15.1.0–15.1.7 allows attackers to poison CDN caches with blank 204 responses, triggering denial-of-service across SSR/ISR apps under specific revalidation setups. Exploitation requires static regeneration, server-side rendering, and CDN caching of 204s. The issue is patched in Next.js 15.1.8+—developers are urged to upgrade immediately to prevent blank-page DoS attacks.

Read full story at Cybersecurity News

Tags:developers DoS attacks CDN

Download the TechShots App

IT Trends Move Fast. Stay Faster.

Android iOS

Categories

Critical Next.js Cache Poisoning Bug CVE‑2025‑49826 Risks DoS for SSR/ISR Sites

Also Read

Zomato CEO Deepinder Goyal Celebrates Record-Breaking New Year’s Eve Orders

Supreme Court Issues Directives to Enhance Safety for Women in the Workplace

Huawei and PEA Partner to Launch AI-Powered Intelligent Substations in Thailand

ED Freezes ₹192 Crore Assets of ZO Games in Major Money Laundering Crackdown

Amazon Permits H-1B Staff to Work From India Amid US Visa Processing Delays

Delhi Government Approves Private EVs as Shared Taxis to Boost Green Mobility

India’s Electronics Sector Ignites with Over ₹41,500 Crore in Fresh Investments

President Trump Blocks $2.9 Million Semiconductor Deal Citing National Security Risks

Global Tech Giants Face Mounting Public Backlash Over Rapid Data Center Expansion

Download the TechShots App

Subscribe To Our Newsletter.