CVE-2025-27415: Acceptance of Extraneous Untrusted Data With Trusted Data in Nuxt

Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 59.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 19

Description

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and heavily impact the availability of a site. It is possible to craft a request, such as https://mysite.com/?/_payload.json, which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served
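
One way to look for this request shape in CDN or origin access logs, as an added example that is not part of the advisory or of Nuxt's code. It assumes combined-log-format lines; the function names and the sample lines are constructed for illustration.

```javascript
// Added example: flag logged requests that carry the payload file name in the
// query string instead of the path (the shape quoted in the description).
// Assumption: combined-log-format access logs.

const PAYLOAD_NAME = '_payload.json';
const REQUEST_RE = /"([A-Z]+) (\S+) HTTP\/[\d.]+" (\d{3})/;

// Normalise percent-encoding as logged; never throw on malformed sequences.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Returns a finding object for a suspicious line, or null otherwise.
function inspectLine(line) {
  const m = REQUEST_RE.exec(line);
  if (!m) return null;                              // not a request line
  const [, method, target, status] = m;
  const q = target.indexOf('?');
  if (q === -1) return null;                        // no query string
  const path = safeDecode(target.slice(0, q));
  const query = safeDecode(target.slice(q + 1));
  // An ordinary payload fetch has the file name in the path itself.
  if (path.endsWith('/' + PAYLOAD_NAME)) return null;
  if (!query.includes(PAYLOAD_NAME)) return null;
  return { method, path, query, status: Number(status) };
}

function scan(lines) {
  return lines.map(inspectLine).filter(Boolean);
}

// Constructed sample log lines (documentation address ranges).
const SAMPLE = [
  '203.0.113.5 - - [19/Mar/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 5120',
  '203.0.113.5 - - [19/Mar/2025:10:00:01 +0000] "GET /blog/_payload.json HTTP/1.1" 200 812',
  '198.51.100.7 - - [19/Mar/2025:10:00:02 +0000] "GET /?/_payload.json HTTP/1.1" 200 640',
  '198.51.100.7 - - [19/Mar/2025:10:00:03 +0000] "GET /about?/_payload.json HTTP/1.1" 200 655',
  '203.0.113.9 - - [19/Mar/2025:10:00:04 +0000] "GET /search?q=nuxt HTTP/1.1" 200 2048',
];

for (const f of scan(SAMPLE)) {
  console.log(`suspicious: ${f.method} ${f.path}?${f.query} -> ${f.status}`);
}
```

A hit is a lead for checking whether the CDN's cache key includes the query string and whether the cached object for that path is JSON; it is not proof of poisoning on its own.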

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD | nuxt/nuxt | 3.0.0 | 3.16.0
npm | nuxt/nuxt | 3.0.0 | 3.16.0
CVEListV5 | nuxt/nuxt | >= 3.0.0, < 3.16.0

Vulnerability Details (2)

GHSA: Nuxt allows DOS via cache poisoning with payload rendering response (2025-03-19)
OSV: Nuxt allows DOS via cache poisoning with payload rendering response (2025-03-19)