SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

June 18, 2025

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, potentially allowing unauthenticated users to abuse the /_next/image endpoint to proxy arb …

Published Date:
Jun 19, 2025 (2 hours, 10 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-6087

CVE-2023-20126

Source: Read More

Previous ArticleCVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

Next Article Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

Unplugging these 7 common household devices helped reduce my electricity bills

DistroWatch Weekly, Issue 1133

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

DistroWatch Weekly, Issue 1133

DistroWatch Weekly, Issue 1133

Newelle, a ‘Virtual Assistant’ for GNOME, Hits Version 1.0

Bustle – visualize D-Bus activity

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

CVE-2025-6754 – “WordPress SEO Metrics Privilege Escalation”

CVE-2025-7710 – “Brave Conversion Engine WordPress Facebook Authentication Bypass”

If you think you can do better than Xbox or PlayStation in the Console Wars, you may just want to try out this card game

CISA Warning: Critical Flaw (CVE-2025-5310) Exposes Fueling Station Devices

Driverless cars ‘could be hacked’ warns Institute of Engineering and Technology

CVE-2025-44184 – SourceCodester Best Employee Management System Cross Site Scripting

CVE-2025-6668 – Code-projects Inventory Management System SQL Injection Vulnerability

CVE-2023-28903 – MIB3 Infotainment Unit Integer Overflow Denial-of-Service

CVE-2025-2092 – Checkmk GmbH Checkmk Log File Information Disclosure

EA announces turn-based tactics game Star Wars Zero Company ahead of a full unveiling

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Related Posts