CVE-2025-59472
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | next | >=16.0.0-beta.0,<16.1.5 | 16.1.5 |
| npm | next | >=15.0.0-canary.0,<=15.0.0-canary.205 | |
| npm | next | >=15.0.1-canary.0,<=15.0.1-canary.3 | |
| npm | next | >=15.0.2-canary.0,<=15.0.2-canary.11 | |
| npm | next | >=15.0.3-canary.0,<=15.0.3-canary.9 | |
| npm | next | >=15.0.4-canary.0,<=15.0.4-canary.52 | |
| npm | next | >=15.1.1-canary.0,<=15.1.1-canary.27 | |
| npm | next | >=15.2.0-canary.0,<=15.2.0-canary.77 | |
| npm | next | >=15.2.1-canary.0,<=15.2.1-canary.6 | |
| npm | next | >=15.2.2-canary.0,<=15.2.2-canary.7 | |
| npm | next | >=15.3.0-canary.0,<=15.3.0-canary.46 | |
| npm | next | >=15.3.1-canary.0,<=15.3.1-canary.15 | |
| npm | next | >=15.4.0-canary.0,<=15.4.0-canary.130 | |
| npm | next | >=15.4.2-canary.0,<=15.4.2-canary.56 | |
| npm | next | >=15.5.1-canary.0,<=15.5.1-canary.39 | |
| npm | next | >=15.6.0-canary.0,<15.6.0-canary.61 | 15.6.0-canary.61 |
References
Verify integrity in audit chain (admin only). AS-IS.