Critical Next.js Cache Poisoning Vulnerability: CVE-2025-49826

CVE-2025-49826 is a serious vulnerability in Next.js, a widely used web framework built on React. It lets attackers poison the cache so that users are served blank pages, which results in a denial-of-service (DoS) condition.

This vulnerability affects Next.js versions 15.1.0 to 15.1.7. The cache poisoning occurs when conflicting cache settings are combined with improper handling of HTTP 204 (No Content) responses.

Next.js Cache Poisoning Flaw

  • Affected Framework: Next.js (React-based)
  • Vulnerability ID: CVE-2025-49826
  • Severity: High (CVSS 7.5)
  • Impact: Denial of Service (DoS) via cache poisoning
  • Versions Affected: 15.1.0 to <15.1.8
  • Fixed In: 15.1.8, 15.2.0

How Does This Vulnerability Work?

The bug happens when:

  • The app uses Incremental Static Regeneration (ISR) with cache revalidation.
  • The app uses Server-Side Rendering (SSR).
  • A CDN caches HTTP 204 responses.
  • The app runs on Next.js 15.1.0 to 15.1.7.

Attackers force a blank 204 response into the cache. All users then get empty pages, leading to a DoS condition.

How Was It Fixed?

The Next.js team took swift action. They:

  • Removed the code that allowed 204 responses in the cache.
  • Fixed a race condition that caused improper caching.

Patch Versions:

| Version Type | Fixed Version |
|---|---|
| Patch release | 15.1.8 |
| Enhanced fix | 15.2.0 |
| Older major version backport | 15.0.4 |

What Should Developers Do Now?

Upgrade Immediately

  • If on 15.1.0 to 15.1.7, move to 15.1.8 or 15.2.0+.
  • If on older major versions, ensure you’re using 15.0.4 or below.

Review CDN Settings

  • Don’t cache 204 responses on critical routes.

Monitor

  • Watch logs for unexpected 204 patterns.

Vercel-hosted apps are safe as their CDN blocks this attack.
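
The "Review CDN Settings" and "Monitor" steps above can be checked against CDN access logs. The script below is an added example, not code from Next.js or from this article; the JSON-lines log schema (method, path, status, cache), the function name findCached204 and the rule that `/api/` paths are not page routes are assumptions, and the sample lines are constructed.

```javascript
// Added example: flag page routes that answer GET with an empty 204,
// and mark the ones where the 204 was served from the CDN cache.
// Assumed log schema (JSON lines): ts, method, path, status, cache (HIT/MISS).

// Constructed sample log lines, not real traffic.
const SAMPLE_LOG = [
  '{"ts":"2025-07-01T10:00:00Z","method":"GET","path":"/pricing","status":200,"cache":"MISS"}',
  '{"ts":"2025-07-01T10:00:05Z","method":"GET","path":"/pricing","status":200,"cache":"HIT"}',
  '{"ts":"2025-07-01T10:01:00Z","method":"GET","path":"/pricing","status":204,"cache":"MISS"}',
  '{"ts":"2025-07-01T10:01:02Z","method":"GET","path":"/pricing","status":204,"cache":"HIT"}',
  '{"ts":"2025-07-01T10:01:03Z","method":"GET","path":"/pricing","status":204,"cache":"HIT"}',
  '{"ts":"2025-07-01T10:02:00Z","method":"POST","path":"/api/track","status":204,"cache":"MISS"}',
  '{"ts":"2025-07-01T10:02:10Z","method":"GET","path":"/blog","status":200,"cache":"HIT"}',
  'not-json garbage line',
];

// isPageRoute is a hypothetical filter: by default anything outside /api/ is a page.
function findCached204(lines, isPageRoute = (p) => !p.startsWith('/api/')) {
  const byPath = new Map();
  for (const line of lines) {
    let e;
    try { e = JSON.parse(line); } catch { continue; } // skip malformed lines
    if (e.method !== 'GET' || typeof e.path !== 'string' || !isPageRoute(e.path)) continue;
    const s = byPath.get(e.path) ||
      { path: e.path, ok: 0, empty: 0, cachedEmpty: 0, firstEmpty: null };
    if (e.status === 200) s.ok++;
    if (e.status === 204) {
      s.empty++;
      if (!s.firstEmpty) s.firstEmpty = e.ts;   // when the blank responses started
      if (e.cache === 'HIT') s.cachedEmpty++;   // blank page served from cache
    }
    byPath.set(e.path, s);
  }
  // Assumption: a rendered page is not expected to answer GET with 204.
  // A 204 served as a cache HIT is the urgent case (purge that entry).
  return [...byPath.values()]
    .filter((s) => s.empty > 0)
    .map((s) => ({ ...s, severity: s.cachedEmpty > 0 ? 'cached-204' : 'origin-204' }));
}

console.log(findCached204(SAMPLE_LOG));
```

Map your CDN's real log field names onto the assumed schema before running it on production logs.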

Why Is This Important?

Modern frameworks rely on advanced caching mechanisms to improve site performance and speed, but vulnerabilities in their caching logic, as in this case, can be exploited to conduct catastrophic DoS attacks at scale.

Therefore, it is vital that senior developers and architects enhance their awareness of caching and review their cache rules on a regular basis.

Risk Factors Table

| Factor | Details |
|---|---|
| Impact | Blank pages cause site blackout |
| Conditions | Next.js 15.1.0-15.1.7 + ISR + SSR + CDN caching 204 |
| CVSS Score | 7.5 (High) |
| Exploitable By | Poisoned cache with 204 response |

How to Prevent this Type of Vulnerability and Attack?

Don’t let cache poisoning or Denial of Service (DoS) attacks threaten your business. SiteLock delivers comprehensive, automated security to automatically scan, detect, and fix threats (cache poisoning, ransomware, malicious code, and more) as they arise.

  • Daily Vulnerability Scanning
  • Automatic Malware Removal
  • Web Application Firewall (WAF)
  • DDoS Protection & CDN Optimization

Get started with SiteLock now and secure your Next.js apps from hidden risks.

Janki Mehta

Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.