Cache Key Confusion

🗓️ 29 Sep 2025 09:13:41Reported by Veracode Vulnerability DatabaseType

Next.js cache key confusion in Image Optimization routes allows attackers to access cached images intended for authorized users.

Reporter	Title	Published	Views	Family All 25
IBM Security Bulletins	Security Bulletin: IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-55173, CVE-2025-57752.	1 Dec 202517:49	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Event Processing	5 Jan 202611:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in QRadar Suite Software	13 Mar 202619:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Next.js (CVE-2025-57752 and CVE-2025-55173)	30 May 202608:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data	16 Dec 202511:07	–	ibm
IBM Security Bulletins	Security Bulletin: Components with known vulnerabilities in IBM Security QRadar Analyst Workflow for IBM QRadar SIEM	19 Dec 202521:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes components with known vulnerabilities	19 Dec 202521:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D	15 Dec 202515:39	–	ibm
Chainguard	CVE-2025-57752 vulnerabilities	2 Sep 202519:17	–	cgr
Circl	CVE-2025-57752	29 Aug 202522:14	–	circl

Vulners

Node

next nextRange15.0.0-canary.0–15.4.4js

next nextRange0.9.9–14.2.30js

next nextRange15.0.0–15.4.4js

Source	Link
github	www.github.com/vercel/next.js/pull/82114
github	www.github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd
github	www.github.com/advisories/GHSA-g5qg-72qw-gw5v
vercel	www.vercel.com/changelog/cve-2025-57752

03 Jun 2026 09:28Current

7High risk

Vulners AI Score7

CVSS 3.16.2

EPSS0.00144

SSVC