Bug 2392059 (CVE-2025-55173)

Summary: CVE-2025-55173 nextjs: Next.js Content Injection Vulnerability for Image Optimization
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bkabrda, caswilli, chfoley, gotiwari, jscholz, kaycoth, lball, mvyas, ngough, swoodman, veshanka
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A vulnerability in Next.js Image Optimization allowed attacker-controlled image servers to trigger arbitrary file downloads with custom content and filenames. Exploitation required permissive images.domains or images.remotePatterns and user interaction. Binary-Affected: Next.js Upstream-version-introduced: v14.2.30 Upstream-version-fixed: v15.4.5 and v14.2.31
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2392328, 2392329, 2392330, 2392331, 2392333, 2392334, 2392335, 2392336, 2392325, 2392326, 2392327, 2392332    
Bug Blocks:    

Description OSIDB Bzimport 2025-08-29 23:01:10 UTC 
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5.