Date: 2025-08-29

This week's update

This week, new critical vulnerabilities were disclosed in Next.js’s image optimization functionality, exposing a broad range of production environments to risks of data exposure and cache manipulation.

Key Findings

CVE-2025-55173: Arbitrary file download from the server via image optimization.

CVE-2025-57752: Cache poisoning leading to unauthorized data disclosure.

Impact

Exploitation could expose sensitive files, leak user or backend data, and undermine application trust. Given Next.js’s wide use, immediate patching and cache hardening are strongly advised.