---
title: "Security Update: Multiple vulnerabilities in Next.js | Netlify Changelog"
description: "Get the latest updates on Netlify products and features to meet your developer needs."
source: "https://www.netlify.com/changelog/security-update-multiple-vulnerabilities-in-next-js-2025-08/"
last_updated: "2026-07-15T05:57:32.000Z"
---
We are aware of recently disclosed vulnerabilities affecting Next.js applications:

1.  [CVE-2025-55173](https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v): **Next.js Image Optimization – Arbitrary File Download**
2.  [CVE-2025-57822](https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f): **Next.js Middleware – SSRF via Misuse of `next()`**
3.  [CVE-2025-57752](https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v): **Next.js Image Optimization – Cache Poisoning / Unauthorized Disclosure**

As a security precaution, we recommend upgrading to the latest versions of Next.js and enabling [**automatic updates of the OpenNext Netlify Next.js adapter**](https://docs.netlify.com/frameworks/next-js/overview/#reverting-to-an-older-adapter-version).

The engineering team at Netlify has reviewed these and determined the following impact on Netlify sites: \*

1.  [CVE-2025-55173](https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v): **Next.js Image Optimization – Arbitrary File Download**

Sites on Netlify **are not vulnerable**.

Next.js sites on Netlify use Netlify’s Image CDN instead of the affected built-in Next.js Image Optimization feature. Furthermore, Netlify Image CDN strips `Content-Disposition` headers, which is required for successful exploitation of this vulnerability. With this header removed it is not possible to force a file download or override the filename, even in case of a mismatch between the requested image type and the source file type.

2.  [CVE-2025-57822](https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f): **Next.js Middleware – SSRF via Misuse of `next()`**

Sites on Netlify **are not vulnerable**.

Our OpenNext adapter uses Edge Functions to run middleware and relies on the `context.next()` API as the underlying implementation of `NextResponse.next()` calls, passing the original request URL and preventing this attack vector.

3.  [CVE-2025-57752](https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v): **Next.js Image Optimization – Cache Poisoning / Unauthorized Disclosure**

Next.js sites on Netlify are **potentially vulnerable**, if the sites use the `next/image` component to fetch images from a source that uses headers to conditionally serve images.

Next.js sites using the `next/image` component will automatically opt into Netlify’s Image CDN which, by design, will automatically cache the source assets on Netlify’s Edge Cache. This means that a source image that is served behind an authorization header will get cached on the Netlify Edge Cache in order to improve performance. Upgrading to the newest version of Next.js will not change this behavior.

If your Next.js site serves images from a protected source, we advise you to not use the `next/image` component so that you have full control over the caching and authorization strategies required for your use-case.

We are working continually with the Next.js team and are committed to making your sites secure on Netlify.