CVE-2025-27415

{"id": "CVE-2025-27415", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-19T19:15:47.257", "references": [{"url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-jvhm-gjrh-3h93", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-349"}]}], "descriptions": [{"lang": "en", "value": "Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://mysite.com/?/_payload.json which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served to future visitors to the site. An attacker can perform this attack to a vulnerable site in order to make a site unavailable indefinitely. It is also possible in the case where the cache will be reset to make a small script to send a request each X seconds (=caching duration) so that the cache is permanently poisoned making the site completely unavailable. This vulnerability is fixed in 3.16.0."}, {"lang": "es", "value": "Nuxt es un framework de desarrollo web de c\u00f3digo abierto para Vue.js. Antes de la versi\u00f3n 3.16.0, al enviar una solicitud HTTP manipulada a un servidor tras una CDN, era posible, en ciertas circunstancias, contaminar la cach\u00e9 de la CDN, lo que afectaba gravemente la disponibilidad de un sitio. Es posible manipular una solicitud, como https://mysite.com/?/_payload.json, que se renderizar\u00eda como JSON. Si la CDN frente a un sitio Nuxt ignora la cadena de consulta al determinar si se debe almacenar en cach\u00e9 una ruta, esta respuesta JSON podr\u00eda enviarse a futuros visitantes del sitio. Un atacante puede realizar este ataque a un sitio vulnerable para inhabilitarlo indefinidamente. Tambi\u00e9n es posible, si se restablece la cach\u00e9, crear un peque\u00f1o script que env\u00ede una solicitud cada X segundos (= duraci\u00f3n de la cach\u00e9), de modo que la cach\u00e9 se inutilice permanentemente, dejando el sitio completamente indisponible. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 3.16.0."}], "lastModified": "2025-12-03T18:44:15.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D5003E3-17E0-4FD0-8449-637E21A366A2", "versionEndExcluding": "3.16.0", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}