CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...

Next.js 信息泄露漏洞

Next.js is a React framework open-sourced by Vercel. An information disclosure vulnerability exists in Next.js, which stems from insufficient validation of the x-middleware-subrequest-id, which could lead to information disclosure. The following versions are affected: versions prior to 12.3.6,...