CVE-2025-55173 Overview
CVE-2025-55173 is a content injection vulnerability in the Next.js Image Optimization feature maintained by Vercel. The flaw affects Next.js versions before 14.2.31 and versions from 15.0.0 up to but not including 15.4.5. Attacker-controlled external image sources can trigger file downloads with arbitrary content and filenames under specific application configurations. Adversaries can abuse this behavior to deliver malicious files or stage phishing attacks that appear to originate from a trusted Next.js application domain. The issue is classified under [CWE-20] Improper Input Validation and requires user interaction to succeed. Vercel resolved the vulnerability in Next.js 14.2.31 and 15.4.5.
Critical Impact
Attackers can serve arbitrary file content with attacker-chosen filenames through a trusted Next.js application origin, enabling phishing and malicious file delivery.
Affected Products
- Vercel Next.js versions prior to 14.2.31
- Vercel Next.js versions 15.0.0 up to but not including 15.4.5
- Applications using the Next.js Image Optimization feature with external image sources configured
Discovery Timeline
- 2025-08-29 - CVE-2025-55173 published to NVD
- 2025-09-08 - Last updated in NVD database
Technical Details for CVE-2025-55173
Vulnerability Analysis
Next.js ships a built-in Image Optimization pipeline that fetches and transforms remote images referenced through the next/image component. When an application allows external image sources through the images.remotePatterns or images.domains configuration, the optimization endpoint proxies requests to those origins and returns the response to the browser. The vulnerability stems from insufficient validation of the response metadata returned by the upstream source. An attacker controlling a permitted remote source can influence the response so the browser treats it as a downloadable file rather than an image. Because the file is served from the victim application's origin, users see a trusted domain in the download prompt. This makes the delivery vector effective for phishing and malware staging.
Root Cause
The root cause is improper input validation [CWE-20] in how the Image Optimization handler processes upstream HTTP responses. The handler did not adequately sanitize or constrain headers and content returned from external image hosts before passing them to the client. Combined with permissive remotePatterns configurations, this allowed non-image payloads and attacker-controlled filenames to flow through the optimizer.
Attack Vector
Exploitation requires user interaction. An attacker hosts a malicious resource on a domain already trusted by the target Next.js application's image configuration, or convinces a developer to permit such a domain. The attacker then lures a victim to a crafted URL on the Next.js application that points the image optimizer at the malicious resource. The browser receives a response that triggers a file download from the legitimate application origin, with attacker-chosen content and filename. Confidentiality is not directly affected, but integrity of delivered content is compromised.
No public proof-of-concept exploit code is available. Refer to the GitHub Security Advisory GHSA-xv57-4mr9-wg8v and the Vercel Changelog for CVE-2025-55173 for vendor-provided technical details.
Detection Methods for CVE-2025-55173
Indicators of Compromise
- Requests to the Next.js image optimization endpoint (typically /_next/image) with url parameters pointing to unexpected or recently added external hosts.
- HTTP responses from the image optimizer containing Content-Disposition: attachment headers or non-image MIME types.
- Spikes in outbound fetches from the application server to external domains listed under images.remotePatterns.
Detection Strategies
- Inventory all running Next.js applications and compare their declared version against the fixed releases 14.2.31 and 15.4.5.
- Review web server and CDN logs for /_next/image?url= requests that resolve to non-image content types or large response sizes.
- Audit the next.config.js file in every project for overly broad remotePatterns or wildcard domains entries.
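The following is an added example, not code from the advisory or from Next.js, that applies the indicators and the log-review strategy above to access-log lines: it flags /_next/image requests whose upstream url host is not on an allowlist, whose response is not an image MIME type, or whose Content-Disposition is an attachment. The log format, the allowlist and the sample lines are all constructed for the example.

```javascript
// Added example, not from the advisory: flag /_next/image requests whose upstream
// host, response content type or Content-Disposition match the indicators above.
// Log format is a constructed, space-separated one:
//   <client_ip> "<METHOD> <path>" <status> <bytes> "<content-type>" "<content-disposition>"
const ALLOWED_IMAGE_HOSTS = new Set(["cdn.example.com"]); // hypothetical allowlist

// Constructed sample lines: one benign image request, two suspicious, one unrelated.
const SAMPLE_LOG = [
  '203.0.113.5 "GET /_next/image?url=https%3A%2F%2Fcdn.example.com%2Fhero.png&w=640&q=75" 200 48211 "image/png" "-"',
  '203.0.113.7 "GET /_next/image?url=https%3A%2F%2Funtrusted.example.net%2Ffile&w=640&q=75" 200 91220 "application/octet-stream" "attachment; filename=invoice.exe"',
  '203.0.113.9 "GET /_next/image?url=https%3A%2F%2Fcdn.example.com%2Fdoc&w=640&q=75" 200 2048 "text/html" "-"',
  '203.0.113.11 "GET /api/health" 200 12 "application/json" "-"',
];

const LINE_RE = /^(\S+) "(\S+) (\S+)" (\d{3}) (\d+) "([^"]*)" "([^"]*)"$/;

// Returns null for lines that are not optimizer requests, otherwise a finding
// object whose `reasons` array is empty when nothing looks wrong.
function analyzeLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, ip, , target, status, bytes, contentType, disposition] = m;
  const url = new URL(target, "http://localhost"); // base is only needed to parse a path
  if (url.pathname !== "/_next/image") return null;
  const reasons = [];
  const upstream = url.searchParams.get("url"); // already percent-decoded
  let host = null;
  try { host = upstream ? new URL(upstream).hostname : null; } catch { /* relative or malformed */ }
  if (host && !ALLOWED_IMAGE_HOSTS.has(host)) reasons.push(`unexpected upstream host ${host}`);
  if (!contentType.startsWith("image/")) reasons.push(`non-image content type ${contentType}`);
  if (/^attachment/i.test(disposition)) reasons.push("attachment Content-Disposition");
  return { ip, host, status: Number(status), bytes: Number(bytes), reasons };
}

// Keep only optimizer requests that triggered at least one reason.
function findSuspicious(lines) {
  return lines.map(analyzeLine).filter((r) => r && r.reasons.length > 0);
}
```

On the constructed sample, the request to the unlisted host trips all three checks, while the allowed host returning text/html trips only the content-type check.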
Monitoring Recommendations
- Forward application access logs and CDN logs to a central analytics platform and alert on anomalous Content-Disposition headers served from the application origin.
- Monitor user download telemetry from managed endpoints for files originating from internal Next.js application domains that do not normally serve attachments.
- Track changes to next.config.js and image configuration in source control to detect unauthorized additions to allowed remote hosts.
How to Mitigate CVE-2025-55173
Immediate Actions Required
- Upgrade Next.js to version 14.2.31 for the 14.x branch or 15.4.5 for the 15.x branch.
- Audit images.remotePatterns and images.domains in next.config.js and remove any sources that are not strictly required.
- Restrict remote image hosts to specific paths and protocols rather than wildcard domains.
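As an added example (not from the advisory or from Next.js), the block below places a permissive images configuration beside a narrowed one and runs a small audit over the object, covering the next.config.js review in the detection strategies and the two configuration actions above. The hostnames and paths are hypothetical; the wildcard semantics ("*" one segment, "**" any number) follow the documented remotePatterns format.

```javascript
// Added example, not the project's own code: audit the `images` section of a
// next.config.js object for sources broader than strictly required.

// Weak configuration: legacy domains list plus a remotePatterns entry that
// matches any host and any path.
const WEAK_IMAGES_CONFIG = {
  domains: ["assets.example.com"], // hypothetical
  remotePatterns: [{ protocol: "https", hostname: "**" }],
};

// Hardened configuration: one exact host, https pinned, path narrowed to the
// prefix that actually holds images.
const HARDENED_IMAGES_CONFIG = {
  remotePatterns: [
    { protocol: "https", hostname: "cdn.example.com", pathname: "/images/**" }, // hypothetical
  ],
};

// Returns a list of human-readable findings; an empty list means no issues.
function auditImagesConfig(images) {
  const findings = [];
  if (Array.isArray(images.domains) && images.domains.length > 0) {
    findings.push("images.domains allows whole hosts with no protocol or path limit; migrate to remotePatterns");
  }
  for (const [i, p] of (images.remotePatterns || []).entries()) {
    const where = `remotePatterns[${i}]`;
    if (!p.hostname || p.hostname.includes("*")) {
      findings.push(`${where}: wildcard or missing hostname "${p.hostname}"`);
    }
    if (p.protocol !== "https") {
      findings.push(`${where}: protocol not pinned to https`);
    }
    if (!p.pathname || p.pathname === "/**") {
      findings.push(`${where}: pathname not restricted`);
    }
  }
  return findings;
}
```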
Patch Information
Vercel released fixes in Next.js 14.2.31 and 15.4.5. The corrective change is published in the upstream commit 6b12c60. Application owners should rebuild and redeploy after upgrading the next dependency. Self-hosted deployments behind a reverse proxy or CDN must also invalidate cached responses generated by the vulnerable optimizer.
Workarounds
- Disable external image sources by removing all entries from images.remotePatterns and images.domains until patches are applied.
- Place a reverse proxy or CDN rule in front of /_next/image that strips Content-Disposition headers and enforces image MIME types on responses.
- Configure a Content Security Policy that restricts img-src to first-party origins to reduce the attack surface for image-based content injection.
# Upgrade Next.js to a patched version
npm install next@14.2.31
# or for the 15.x branch
npm install next@15.4.5
# Verify installed version
npx next --version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.