CVE-2025-49005
SummaryA cache poisoning vulnerability affecting Next.js App Router >=15.3.0 < 15.3.3 / Vercel CLI 41.4.1–42.2.0 has been resolved. The issue allowed page requests for HTML content to return a...
Next.js App Router 15.3.0至15.3.2和Vercel CLI 41.4.1至42.2.0存在缓存中毒漏洞,已修复。该漏洞可能导致HTML请求返回React服务器组件。修复方法包括正确设置Vary头和重新部署应用。
