2 matches found
CVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
CVE-2025-59472
CVE-2025-59472 concerns Next.js with Partial Prerendering (PPR) enabled in minimal mode. The vulnerability stems from the PPR resume endpoint accepting unauthenticated POSTs (Next-Resume: 1) and processing attacker-controlled data, causing memory exhaustion via two vectors: 1) Unbounded request b...