Next.js: Limited Source Code Exposure Dev Server via App Router - Proactive Insights and Support For Open-Source Applications

In Next.js versions 13.0 to before 15.2.2 a low severity vulnerability CVE-2025-48068 was detected. This vulnerability allows limited source code exposure when the development server is running with the App Router enabled. It can be exploited if a user visits a malicious webpage while npm run dev is active. To address this issue, users should upgrade Next.js to versions 15.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48068.