⚠️ Vulnerable Next.js Application
WARNING: This application is intentionally vulnerable to CVE-2025-55182/CVE-2025-66478. Do not use in production. Use only for WAF testing in isolated environments.
Test Endpoint
This endpoint demonstrates the insecure deserialization vulnerability in Next.js 15.5.0.
Vulnerability Information
- CVE-2025-55182: Critical vulnerability in React Server Components
- CVE-2025-66478: Critical vulnerability in Next.js
- Affected Version: Next.js 15.5.0 (and earlier 15.x versions)
- Fixed Version: Next.js 15.5.7+ or 16.0.7+
- Impact: Remote Code Execution (RCE) via insecure deserialization