Critical Next.js Cache Poisoning Bug CVE‑2025‑49826 Risks DoS for SSR/ISR Sites

Saturday, 5 July, 2025

Critical Next.js Cache Poisoning Bug CVE‑2025‑49826 Risks DoS for SSR/ISR Sites

A critical cache poisoning vulnerability (CVE‑2025‑49826) in Next.js 15.1.0–15.1.7 allows attackers to poison CDN caches with blank 204 responses, triggering denial-of-service across SSR/ISR apps under specific revalidation setups. Exploitation requires static regeneration, server-side rendering, and CDN caching of 204s. The issue is patched in Next.js 15.1.8+—developers are urged to upgrade immediately to prevent blank-page DoS attacks.

Read full story at Cybersecurity News

Tags:developers DoS attacks CDN

Categories

Critical Next.js Cache Poisoning Bug CVE‑2025‑49826 Risks DoS for SSR/ISR Sites

Also Read

Lab-Grown Sperm and Eggs May Arrive Within a Decade, Say Scientists

EVs Gain Ground in South Africa Despite Higher Initial Costs

Indian Govt issues threat warning for headphone users

Meta Adds Direct Messaging and Trending Highlights

Mivi Launches AI-Powered 'Buds with Brains' for Human-Like Conversations

NightEagle APT Exploits Microsoft Exchange Zero‑Day to Spy on China’s Tech and Military

Critical Next.js Cache Poisoning Bug CVE‑2025‑49826 Risks DoS for SSR/ISR Sites

India Launches ₹1 Lakh Crore RDI Scheme to Empower Deep‑Tech Startups & Manufacturing

Trump to Initiate US–China TikTok Deal Talks Early Next Week

Subscribe To Our Newsletter.