3 matches found
better-auth-cloudflare (=0.1.0), next-ai-draw-io (=0.4.10) potentially affected by CVE-2025-6087 +1 more via @opennextjs/cloudflare (>=1.0.1 <=1.14.8)
@opennextjs/cloudflare NPM version =1.0.1, =1.14.8 is affected by a known vulnerability. The following packages have a transitive dependency on @opennextjs/cloudflare and may be impacted: - better-auth-cloudflare =0.1.0 - next-ai-draw-io =0.4.10 Source cves: CVE-2025-6087, CVE-2026-3125 Source...
CVE-2025-6087
creationtimestamp| type| source ---|---|--- 2025-06-16 19:25:01+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114694678161147224 2025-06-16 19:41:02+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18520 2025-06-19 03:14:52+00:00| seen|...
CVE-2025-6087
CVE-2025-6087 affects @opennextjs/cloudflare (OpenNext Cloudflare adapter) and enables SSRF by proxying arbitrary remote content through the /_next/image endpoint due to an unimplemented feature. Affected deployments using the Cloudflare adapter for Open Next are at risk of loading remote resourc...