SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

June 18, 2025

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, potentially allowing unauthenticated users to abuse the /_next/image endpoint to proxy arb …

Published Date:
Jun 19, 2025 (2 hours, 10 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-6087

CVE-2023-20126

Source: Read More

Previous ArticleCVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

Next Article Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

Representative Line: Brace Yourself

Beyond the Pilot: A Playbook for Enterprise-Scale Agentic AI

GitHub launches MCP Registry to provide central location for trusted servers

MongoDB brings Search and Vector Search to self-managed versions of database

Distribution Release: Security Onion 2.4.180

Distribution Release: Omarchy 3.0.1

Distribution Release: Mauna Linux 25

Distribution Release: SparkyLinux 2025.09

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Shopping Portal using Python Django & MySQL

Perficient Earns Adobe’s Real-time CDP Specialization

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Review: Elecrow’s All-in-one Starter Kit for Pico 2

FOSS Weekly #25.38: GNOME 49 Release, KDE Drama, sudo vs sudo-rs, Local AI on Android and More Linux Stuff

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Kali Linux aggiorna la chiave di firma dell’archivio: cosa cambia per gli utenti

CVE-2025-52571 – Hikka Telegram Unauthenticated Account Takeover and Server Compromise Vulnerability

Well done, EA — what may be Battlefield 2042’s final update made me more excited than ever for Battlefield 6

CVE-2025-20298 – Splunk Universal Forwarder Windows Privilege Escalation Vulnerability

CVE-2025-4334 – WordPress Simple User Registration Privilege Escalation Vulnerability

CVE-2022-26304 – Apache HTTP Server Denial of Service

The best VPN services for iPad in 2025: Expert tested and reviewed

CVE-2025-45475 – Maccms SSRF Vulnerability in Friend Link Management

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Related Posts