运行 nextjs-nextjs--CVE-2025-49005-20260318035740

漏洞条目
nextjs--CVE-2025-49005

实证状态
verified-real

复现 Profile
nextjs-proxy-boundary

Artifact 模式
local-fixture

Mermaid 时间线

flowchart LR
A["选择 Advisory"] --> B["解析 Repro Profile"]
B --> C["生成 Compose 环境"]
C --> D["采集基线快照"]
D --> E["执行受控攻击步骤"]
E --> F["浏览器回放验证"]
F --> G["收集日志与证据"]
G --> H["回写 Registry 与报告"]

运行时间线

时间	步骤	状态	说明
`2026-03-18T03:57:40+00:00`	`select-advisory`	`completed`	nextjs--CVE-2025-49005
`2026-03-18T03:57:40+00:00`	`resolve-repro-profile`	`completed`	nextjs-proxy-boundary
`2026-03-18T03:57:41+00:00`	`doctor`	`completed`	all checks passed
`2026-03-18T03:57:43+00:00`	`provision-compose-environment`	`ready`	-
`2026-03-18T03:57:43+00:00`	`wait-ready`	`completed`	baseline urls ready (1)
`2026-03-18T03:57:43+00:00`	`seed-environment`	`completed`	steps=1
`2026-03-18T03:57:43+00:00`	`baseline-snapshot`	`completed`	urls=1
`2026-03-18T03:57:44+00:00`	`browser-replay-before-attack`	`completed`	-
`2026-03-18T03:57:44+00:00`	`controlled-attack-chain`	`completed`	steps=1
`2026-03-18T03:57:45+00:00`	`browser-replay-after-attack`	`completed`	-
`2026-03-18T03:57:45+00:00`	`collect-logs-and-evidence`	`completed`	container_logs=1
`2026-03-18T03:57:47+00:00`	`cleanup-compose-environment`	`completed`	docker compose down completed
`2026-03-18T03:57:47+00:00`	`update-registry-and-reports`	`completed`	nextjs-nextjs--CVE-2025-49005-20260318035740

攻击步骤

工具	状态	输出
`nextjs.proxy-boundary`	`completed`	`/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/attack.json`

浏览器截图

证据清单

compose/compose.yaml
assets/baseline.png
assets/baseline-dom.html
logs/baseline-console.json
logs/baseline-network.json
logs/baseline-page.json
assets/proof.png
assets/proof-dom.html
logs/proof-console.json
logs/proof-network.json
logs/proof-page.json
logs/docker/app.log
logs/attack.json
logs/baseline.json