The CVE-2025-6087 vulnerability in `@opennextjs/cloudflare` allows unauthenticated attackers to perform SSRF attacks via the `/_next/image` endpoint. The flaw occurs due to improper validation of user-supplied URLs, enabling malicious actors to proxy arbitrary external content through the victim’s domain. For example, a crafted request like `https://victim-site.com/_next/image?url=https://attacker.com` forces the server to fetch and serve attacker-controlled resources, bypassing same-origin policy restrictions. This can lead to phishing, internal network exposure, or abuse of trusted domains. The vulnerability stems from missing server-side checks in the Cloudflare adapter for Open Next, allowing unrestricted remote URL loading.
DailyCVE Form
Platform: OpenNextJS/Cloudflare
Version: <1.3.0
Vulnerability: SSRF
Severity: Critical
Date: 2025-06-17
Prediction: Patch expected by 2025-06-24
What Undercode Say
Check installed version:

```
npm list @opennextjs/cloudflare
```

Upgrade to patched version:

```
npm install @opennextjs/[email protected]
```

Next.js config mitigation (remotePatterns):

```js
module.exports = {
  images: {
    remotePatterns: [{ protocol: 'https', hostname: 'trusted.com' }],
  },
}
```
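The check that was missing, as an added example written for this page (not code from `@opennextjs/cloudflare` or Next.js): a server-side allowlist for the `url=` parameter of `/_next/image`, modelled on the `remotePatterns` entry above, exercised against the request shown on this page plus a few constructed variants. It assumes Node.js 18 or later for the global `URL` class and matches hostnames exactly (the wildcard hostnames the real `remotePatterns` option supports are not modelled).

```javascript
// Added example, not code from @opennextjs/cloudflare or Next.js: a server-side
// allowlist check for the url= parameter of /_next/image, modelled on the
// remotePatterns entry shown above. Assumes Node.js >= 18 (global URL class).
// Exact hostname match only; wildcard hostnames are not modelled here.

const REMOTE_PATTERNS = [{ protocol: 'https', hostname: 'trusted.com' }];

// True only for an absolute URL whose scheme and host exactly match one
// allowlisted pattern. Malformed, relative and protocol-relative input,
// other schemes, userinfo tricks and lookalike hosts are all rejected.
function isAllowedRemoteUrl(raw, patterns = REMOTE_PATTERNS) {
  let u;
  try {
    u = new URL(raw); // throws on relative, protocol-relative or malformed input
  } catch {
    return false;
  }
  if (u.username || u.password) return false; // e.g. https://trusted.com@attacker.com
  const scheme = u.protocol.replace(/:$/, '');
  return patterns.some((p) => p.protocol === scheme && p.hostname === u.hostname);
}

// Decides a request target such as "/_next/image?url=...&w=640&q=75".
// Same-origin paths ("/img/a.png") never reach a remote host and pass
// through; everything else must satisfy the allowlist.
function checkImageRequest(requestTarget) {
  const req = new URL(requestTarget, 'http://victim-site.invalid'); // base only for parsing
  if (req.pathname !== '/_next/image') return { handled: false, allowed: false };
  const target = req.searchParams.get('url');
  if (target === null) return { handled: true, allowed: false, target };
  if (target.startsWith('/') && !target.startsWith('//')) {
    return { handled: true, allowed: true, remote: false, target };
  }
  return { handled: true, allowed: isAllowedRemoteUrl(target), remote: true, target };
}

// Constructed sample requests (not captured traffic).
const SAMPLES = [
  '/_next/image?url=http%3A%2F%2Fattacker.com%2Fmalicious.jpg&w=640&q=75', // request from this page
  '/_next/image?url=https%3A%2F%2Ftrusted.com%2Flogo.png&w=640&q=75',     // allowlisted host
  '/_next/image?url=https%3A%2F%2Ftrusted.com%40attacker.com%2Fx.png',    // userinfo trick
  '/_next/image?url=https%3A%2F%2Ftrusted.com.attacker.com%2Fx.png',      // lookalike host
  '/_next/image?url=%2F%2Fattacker.com%2Fx.png',                         // protocol-relative
  '/_next/image?url=%2Fimg%2Fa.png',                                     // same-origin path
];

for (const s of SAMPLES) {
  const r = checkImageRequest(s);
  console.log(r.allowed ? 'ALLOW' : 'BLOCK', r.target);
}
```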
How Exploit
```http
GET /_next/image?url=http://attacker.com/malicious.jpg HTTP/1.1
Host: victim-site.com
```
Protection from this CVE
- Upgrade to `@opennextjs/[email protected]`
- Apply Cloudflare platform updates
- Restrict `remotePatterns` in Next.js config
Impact
- SSRF attacks
- Phishing via domain spoofing
- Internal service exposure
Sources:
Reported By: github.com
Extra Source Hub: Undercode