New Unauthenticated DoS Vulnerability Lets Attackers Crash Next.js Servers with a Single HTTP Request
Posted: Mon Dec 01, 2025 6:59 am
Security researchers have discovered a critical denial-of-service vulnerability in Next.js that allows unauthenticated attackers to crash self-hosted servers with a single HTTP request.
The flaw was unexpectedly uncovered by an AI security testing tool while examining a demo application, ultimately revealing a previously unknown vulnerability in Next.js itself rather than the application being tested.
https://cyberpress.org/new-unauthentica ... erability/
The flaw was unexpectedly uncovered by an AI security testing tool while examining a demo application, ultimately revealing a previously unknown vulnerability in Next.js itself rather than the application being tested.
https://cyberpress.org/new-unauthentica ... erability/