更新: 2933 个文件 - 2026-03-18 11:36:11

2026-03-18 11:36:12 -07:00
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-48068.json
+++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-48068.json
@@ -0,0 +1,87 @@
+{
+  "canonical_id": "nextjs--CVE-2025-48068",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Information exposure in Next.js dev server due to lack of origin verification",
+  "summary": "## Summary\n\nA low-severity vulnerability in **Next.js** has been fixed in **version 15.2.2**. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while `npm run dev` is active.\n\nBecause the mitigation is potentially a breaking change for some development setups, to opt-in to the fix, you must configure `allowedDevOrigins` in your next config after upgrading to a patched version. [Learn more](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins).\n\nLearn more: https://vercel.com/changelog/cve-2025-48068\n\n## Credit\n\nThanks to [sapphi-red](https://github.com/sapphi-red) and [Radman Siddiki](https://github.com/R4356th) for responsibly disclosing this issue.",
+  "published_at": "2025-05-28T21:52:13Z",
+  "updated_at": "2025-06-13T14:41:21Z",
+  "severity": "medium",
+  "cvss_score": 4.0,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-48068",
+    "https://github.com/vercel/next.js",
+    "https://vercel.com/changelog/cve-2025-48068"
+  ],
+  "aliases": [
+    "CVE-2025-48068",
+    "GHSA-3h52-269p-cp9r"
+  ],
+  "cve_ids": [
+    "CVE-2025-48068"
+  ],
+  "ghsa_ids": [
+    "GHSA-3h52-269p-cp9r"
+  ],
+  "osv_ids": [
+    "GHSA-3h52-269p-cp9r"
+  ],
+  "affected_versions": [
+    "introduced=15.0.0, fixed<15.2.2",
+    "introduced=13.0, fixed<14.2.30"
+  ],
+  "fixed_versions": [
+    "15.2.2",
+    "14.2.30"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T03:57:40+00:00",
+  "last_run_id": "nextjs-nextjs--CVE-2025-48068-20260318035734",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734",
+  "browser_evidence": {
+    "required": false,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-page.json"
+    ]
+  },
+  "repro_profile_id": "nextjs-proxy-boundary",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [
+      "OSV Next.js"
+    ],
+    "source_kinds": [
+      "osv-batch"
+    ],
+    "candidate_count": 1
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real"
+}