do son 
A newly discovered vulnerability in the popular Nuxt framework could allow attackers to poison CDN caches and disrupt access to full-stack Vue.js applications.
Tracked as CVE-2025-27415 and scored 7.5 on the CVSS scale, this vulnerability affects Nuxt versions 3.0.0 up to but not including 3.16.0. The issue lies in how Nuxt handles certain HTTP requests, particularly ones that resemble: https://yoursite.com/?/_payload.json
“By sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site.”
If a CDN ignores the query string while caching content, the JSON response from this payload route can be cached and delivered to all users—rendering a site either broken or completely unavailable.
This vulnerability enables Denial of Service (DoS) attacks through cache poisoning. An attacker can repeatedly poison the cache to maintain a broken state of the website.
“It is also possible in the case where the cache will be reset to make a small script to send a request each X seconds (=caching duration) so that the cache is permanently poisoned making the site completely unavailable.“
Affected & Patched Versions
- Affected: Nuxt versions >3.0.0 and <3.16.0
- Patched: Nuxt v3.16.0
Interestingly, this vulnerability bears a resemblance to a previous Next.js vulnerability, CVE-2024-46982, involving URL parameters and page props.
With over 3.4 million downloads per month, Nuxt is a go-to framework for performant full-stack Vue.js applications. But popularity also makes it a prime target.
For developers working across frameworks, it’s a reminder that URL manipulation and caching logic must be carefully reviewed regardless of stack.
