Platform
The Netlify Platform

Instantly build and deploy your apps to our global network from Git. Custom domains, https, deploy previews, rollbacks and much more.
- Explore the platform
Key Features
Solutions
Why Netlify?
Use Cases
Don’t see your solution? We can help. Chat with a Netlify expert
Developers
Where to start
Project kickstarts
Resources
Pricing
Contact
Log in

Security Update: Next.js sites on Netlify not vulnerable to CVE-2025-32421

May 15, 2025

The Next.js team recently disclosed CVE-2025-32421, a low-severity vulnerability allowing for CDN cache poisoning in some scenarios.

The engineering team at Netlify has confirmed that all Next.js sites on Netlify are not vulnerable. The vulnerability requires use of a CDN that may cache responses without explicit Cache-Control headers, but Netlify’s CDN never does so.

As a general security precaution, we recommend upgrading to the latest versions of the Next.js framework and allowing automatic updates of the OpenNext Netlify Next.js adapter.