12 matches found
Next.js Framework 15.x < 15.6.0-canary.61 / 16.x < 16.1.5 PPR Resume Endpoint DoS (GHSA-5f7q-jpqc-wp7h)
The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the...
EUVD-2025-206333
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint...
GHSA-5F7Q-JPQC-WP7H Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
Linux Distros Unpatched Vulnerability : CVE-2025-59472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts...
CVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
CVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
CVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
CVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
CVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
CVE-2025-59472
CVE-2025-59472 concerns Next.js; vulnerable when Partial Prerendering (PPR) is enabled in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two concrete memory-exhaustion vectors are d...
PT-2026-4817
Name of the Vulnerable Software and Affected Versions Next.js versions with experimental.ppr: true or cacheComponents: true configured along with the NEXT PRIVATE MINIMAL MODE=1 environment variable Description A denial of service issue exists in Next.js when Partial Prerendering PPR is enabled i...