Missing Origin Validation In WebSockets

🗓️ 28 Jul 2025 07:32:56Reported by Veracode Vulnerability DatabaseType

Next.js has a vulnerability in WebSockets due to missing origin validation when in development mode.

Reporter	Title	Published	Views	Family All 18
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Event Processing	30 Dec 202512:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes a component with known vulnerabilities (CVE-2025-29927 & CVE-2025-48068)	23 Oct 202513:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes components with known vulnerabilities	19 Dec 202521:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D	11 Mar 202617:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Next.js (CVE-2025-48068)	30 May 202608:58	–	ibm
Circl	CVE-2025-48068	29 May 202512:34	–	circl
CNNVD	Next.js 安全漏洞	30 May 202500:00	–	cnnvd
CVE	CVE-2025-48068	30 May 202503:37	–	cve
Cvelist	CVE-2025-48068 Information exposure in Next.js dev server due to lack of origin verification	30 May 202503:37	–	cvelist
EUVD	EUVD-2025-16359	3 Oct 202520:07	–	euvd

Vulners

Node

next nextRange13.0.0–14.2.29js

next nextRange15.0.0-canary.0–15.2.1js

Source	Link
vercel	www.vercel.com/changelog/cve-2025-48068
github	www.github.com/vercel/next.js/pull/76880
github	www.github.com/vercel/next.js/commit/d928709b7494bc0e296bea9148dd803e9d9599b1
github	www.github.com/advisories/GHSA-3h52-269p-cp9r
github	www.github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r

28 Jul 2025 08:52Current

6Medium risk

Vulners AI Score6

CVSS 3.14.3

CVSS 42.3

EPSS0.00166

SSVC