---
title: "Security Update: Next.js sites on Netlify not vulnerable to CVE-2025-32421 | Netlify Changelog"
description: "Get the latest updates on Netlify products and features to meet your developer needs."
source: "https://www.netlify.com/changelog/security-update-next-js-sites-on-netlify-not-vulnerable-to-cve-2025-32421/"
last_updated: "2026-07-15T06:03:28.000Z"
---
The Next.js team [recently disclosed CVE-2025-32421](https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4), a low-severity vulnerability allowing for CDN cache poisoning in some scenarios.

The engineering team at Netlify has confirmed that all Next.js sites on Netlify **are not vulnerable**. The vulnerability requires use of a CDN that may cache responses without explicit Cache-Control headers, but Netlify’s CDN never does so.

As a general security precaution, we recommend upgrading to the latest versions of the Next.js framework and [allowing automatic updates of the OpenNext Netlify Next.js adapter](https://docs.netlify.com/frameworks/next-js/overview/#reverting-to-an-older-adapter-version).