V2EX = way to explore
V2EX 是一个关于分享和探索的地方
Sign Up Now
For Existing Member Sign In
Security Advisory: CVE-2025-66478 Next.js 高危漏洞,建议大家马上升级到最新版,影响 15~ 16 所有版本
avenger · bolechen · Dec 7, 2025 · 2173 viewsThis topic created in 153 days ago, the information mentioned may be changed or developed.
Affected Next.js Versions
npm install [email protected] # for 15.0.x
npm install [email protected] # for 15.1.x
npm install [email protected] # for 15.2.x
npm install [email protected] # for 15.3.x
npm install [email protected] # for 15.4.x
npm install [email protected] # for 15.5.x
npm install [email protected] # for 16.0.x
npm install [email protected] # for 15.x canary releases
npm install [email protected] # for 16.x canary releases
官方 blog
https://nextjs.org/blog/CVE-2025-66478
会影响所有用了 React Server Components (RSC) 的框架,允许远程执行任意代码,官方定级为 10 分,需要马上修复。
No Comments Yet
Select Language