SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

June 18, 2025

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, potentially allowing unauthenticated users to abuse the /_next/image endpoint to proxy arb …

Published Date:
Jun 19, 2025 (2 hours, 10 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-6087

CVE-2023-20126

Source: Read More

Previous ArticleCVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

Next Article Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Why Inclusive Design Solutions Are important for Accessibility

Why Inclusive Design Solutions Are important for Accessibility

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

CVE-2024-7074 – WSO2 SOAP Admin File Upload RCE

CVE-2025-46782 – Apache HTTP Server Unvalidated Request Parameter

Verdansk is coming back to Call of Duty: Warzone, and I’m pretty sure I know which weapon EVERYONE will be putting in their loadouts

CodeSOD: Buff Reading

Development Release: Elive 3.8.48 (Beta)

Segway’s most powerful robot mower is ready for yards of all sizes

“It’s not even funny anymore.” Helldivers 2 players are putting the underwhelming new Warbond on blast, and I’m with them

CVE-2025-4733 – TOTOLINK A3002R/A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Related Posts