2 matches found
CVE-2025-30218
Next.js (React framework) contains a vulnerability where x-middleware-subrequest-id is exposed to third-party destinations when a fetch to a different host occurs inside Middleware. Root cause: subrequest-id validation persisted across requests whereas destinations can differ, allowing informatio...
CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...