A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the @opennextjs/cloudflare package, enabling attackers to exploit the /_next/image endpoint to load remote resources from arbitrary hosts. The vulnerability, assigned CVE-2025-6087 with a CVSS score of 7.8, affects all versions prior to 1.3.0 and was disclosed by security researcher Edward Coristine. SSRF Vulnerability in […]
The post Open Next for Cloudflare SSRF Vulnerability Let Attackers Load Remote Resources from Arbitrary Hosts appeared first on Cyber Security News.
This article has been indexed from Cyber Security News