SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

June 18, 2025

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, potentially allowing unauthenticated users to abuse the /_next/image endpoint to proxy arb …

Published Date:
Jun 19, 2025 (2 hours, 10 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-6087

CVE-2023-20126

Source: Read More

Previous ArticleCVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

Next Article Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

Unplugging these 7 common household devices helped reduce my electricity bills

DistroWatch Weekly, Issue 1133

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

DistroWatch Weekly, Issue 1133

DistroWatch Weekly, Issue 1133

Newelle, a ‘Virtual Assistant’ for GNOME, Hits Version 1.0

Bustle – visualize D-Bus activity

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

CVE-2025-6754 – “WordPress SEO Metrics Privilege Escalation”

CVE-2025-7710 – “Brave Conversion Engine WordPress Facebook Authentication Bypass”

Interleaved Reasoning for Large Language Models via Reinforcement Learning

Perplexity launches “Comet” AI web browser to take on Chrome and Edge — and you can use it today for $200 a month

CVE-2025-4372 – Google Chrome WebAudio Use After Free Vulnerability

Optimize query responses with user feedback using Amazon Bedrock embedding and few-shot prompting

Xbox Cloud Gaming’s “Stream Your Own Game” feature comes to the Xbox PC app — live for Insiders today

CVE-2025-4160 – PCMan FTP Server LS Command Handler Buffer Overflow Vulnerability

Hack the model: Build AI security skills with the GitHub Secure Code Game

CVE-2025-48784 – Soar Cloud HRD Human Resource Management System Authorization Bypass

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Related Posts