[CVE-2025-27415] Nuxt allows DOS via cache poisoning, is Cloudflare impacted?

vnea · March 24, 2025, 2:49pm

I am using Nuxt v3.15 and for the moment I can’t update to v3.16 to fix the CVE-2025-27415. Can you tell me if Cloudflare is impacted or not?

vnea · March 24, 2025, 2:51pm

cscharff · March 24, 2025, 5:54pm

If you’ve configured Cloudflare to ignore query strings, then this nuxt vulnerability would impact the resources cached at Cloudflare.

it appears this has been patched in 3.16.0 so you’d likely want to upgrade regardless of your settings in Cloudflare.

vnea · March 24, 2025, 7:14pm

Thank you, I am fine then!

Yes, it’s just I can’t update to 3.16.0 right now but I will in the next days.

system · March 26, 2025, 7:15pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is cloudflare impacted by vulnerability CVE-2023-6549 or CVE-2023-6548? Security	2	433	February 6, 2024
Enquiry on CVE-2021-40539 Security	3	693	October 4, 2023
Cloudflare is not affected by the OpenSSL vulnerabilities Security Blog	1	1208	November 18, 2022
Loop DoS – Threatening Over 300K Systems Website, Application, Performance	0	349	March 24, 2024
Actual CVE-2021-44228 payloads captured in the wild Security Blog , Log4J	1	2170	January 1, 2022