CVE-2025-59472
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | next | >=16.0.0-beta.0,<16.1.5 | 16.1.5 |
| npm | next | >=15.0.0-canary.0,<=15.0.0-canary.205 | |
| npm | next | >=15.0.1-canary.0,<=15.0.1-canary.3 | |
| npm | next | >=15.0.2-canary.0,<=15.0.2-canary.11 | |
| npm | next | >=15.0.3-canary.0,<=15.0.3-canary.9 | |
| npm | next | >=15.0.4-canary.0,<=15.0.4-canary.52 | |
| npm | next | >=15.1.1-canary.0,<=15.1.1-canary.27 | |
| npm | next | >=15.2.0-canary.0,<=15.2.0-canary.77 | |
| npm | next | >=15.2.1-canary.0,<=15.2.1-canary.6 | |
| npm | next | >=15.2.2-canary.0,<=15.2.2-canary.7 | |
| npm | next | >=15.3.0-canary.0,<=15.3.0-canary.46 | |
| npm | next | >=15.3.1-canary.0,<=15.3.1-canary.15 | |
| npm | next | >=15.4.0-canary.0,<=15.4.0-canary.130 | |
| npm | next | >=15.4.2-canary.0,<=15.4.2-canary.56 | |
| npm | next | >=15.5.1-canary.0,<=15.5.1-canary.39 | |
| npm | next | >=15.6.0-canary.0,<15.6.0-canary.61 | 15.6.0-canary.61 |
References
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.