Vercel Flags SDK 資訊洩露漏洞安全通告 (CVE-2025-46332)
Original: Information disclosure in Flags SDK (CVE-2025-46332)
Vercel published a security update advisory on May 2, 2025, for its Flags SDK, with the vulnerability identifier **CVE-2025-46332**. This…
Vercel 針對其 Flags SDK 發布了編號為 CVE-2025-46332 的安全通告,指出該 SDK 存在資訊洩露(Information Disclosure)漏洞。此漏洞可能導致未授權的使用者獲取功能旗標(Feature Flags)的配置或敏感上下文資訊。官方已釋出修復版本,強烈建議所有使用 @vercel/flags 的 Next.js 與 Vercel 開發者立即檢查並升級至最新版本以確保系統安全。
Vercel published a security update advisory on May 2, 2025, for its Flags SDK, with the vulnerability identifier **CVE-2025-46332**. This vulnerability is classified as "Information Disclosure" and primarily affects the `@vercel/flags` package, which is used to manage feature flags in the Next.js and Vercel ecosystem.
Free shows the 3-line summary; Pro unlocks the full deep summary (~300 words) so you never have to click through.
See Pro plans →Want the original English / full article?
Read on Vercel Changelog →Summaries are AI-generated; the original article is authoritative.