CVE-2025-66478: Experimental PPR and patches to use experimental features in a stable versions #86813

icyJoseph · 2025-12-04T10:57:53Z

icyJoseph
Dec 4, 2025
Maintainer

Background

As part of CVE-2025-66478, the Next.js team patched every v15 minor with fixes to protect developers.

If you’re relying on experimental features from the 15.x.x canary builds, try upgrading to 15.6.0-canary.58, which reintroduces the experimental.ppr flag and applies the CVE patch.

Patches

If you cannot upgrade to 15.6.0-canary.58, you can upgrade to the nearest safe stable version and apply the associated patch to allow features that are normally gated on canary releases

Each patch below is separated based on whether you are using pnpm and can patch using pnpm.patchedDependencies or npm / yarn via patch-package.

v16.0.7

pnpm:

[email protected]

diff --git a/dist/esm/server/config.js b/dist/esm/server/config.js
index 52e89a4edeb3154fae83a26c5d9e86d747109ee2..dd1b92e89837065c3a40e2b8a4b3736e4bd1a2cc 100644
--- a/dist/esm/server/config.js
+++ b/dist/esm/server/config.js
@@ -254,7 +254,7 @@ function warnCustomizedOption(config, key, defaultValue, customMessage, configFi
             configurable: true
         });
     }
-    if (isStableBuild()) {
+    if (false && isStableBuild()) {
         var _result_experimental6;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.turbopackFileSystemCacheForBuild) {
diff --git a/dist/server/config.js b/dist/server/config.js
index 16609b9282667b5888ce49f7f1359f33e0937e5e..75f8b418ded0b09a063c7dff95bf3df3ae2b50f1 100644
--- a/dist/server/config.js
+++ b/dist/server/config.js
@@ -328,7 +328,7 @@ function warnCustomizedOption(config, key, defaultValue, customMessage, configFi
             configurable: true
         });
     }
-    if ((0, _canaryonlyconfigerror.isStableBuild)()) {
+    if (false && (0, _canaryonlyconfigerror.isStableBuild)()) {
         var _result_experimental6;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.turbopackFileSystemCacheForBuild) {

patch-package:

next+16.0.7.patch

diff --git a/node_modules/next/dist/esm/server/config.js b/node_modules/next/dist/esm/server/config.js
index 52e89a4edeb3154fae83a26c5d9e86d747109ee2..dd1b92e89837065c3a40e2b8a4b3736e4bd1a2cc 100644
--- a/node_modules/next/dist/esm/server/config.js
+++ b/node_modules/next/dist/esm/server/config.js
@@ -254,7 +254,7 @@ function warnCustomizedOption(config, key, defaultValue, customMessage, configFi
             configurable: true
         });
     }
-    if (isStableBuild()) {
+    if (false && isStableBuild()) {
         var _result_experimental6;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.turbopackFileSystemCacheForBuild) {
diff --git a/node_modules/next/dist/server/config.js b/node_modules/next/dist/server/config.js
index 16609b9282667b5888ce49f7f1359f33e0937e5e..75f8b418ded0b09a063c7dff95bf3df3ae2b50f1 100644
--- a/node_modules/next/dist/server/config.js
+++ b/node_modules/next/dist/server/config.js
@@ -328,7 +328,7 @@ function warnCustomizedOption(config, key, defaultValue, customMessage, configFi
             configurable: true
         });
     }
-    if ((0, _canaryonlyconfigerror.isStableBuild)()) {
+    if (false && (0, _canaryonlyconfigerror.isStableBuild)()) {
         var _result_experimental6;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.turbopackFileSystemCacheForBuild) {

v15.5.7

pnpm:

[email protected]

diff --git a/dist/esm/server/config.js b/dist/esm/server/config.js
index b761a689b3282e8fea9f34019933e999c46a7112..60477261cc416ac0f2af0029fa30f29c0fb29938 100644
--- a/dist/esm/server/config.js
+++ b/dist/esm/server/config.js
@@ -228,7 +228,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if (isStableBuild()) {
+    if (false && isStableBuild()) {
         var _result_experimental6, _result_experimental7, _result_experimental8;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.ppr) {
diff --git a/dist/server/config.js b/dist/server/config.js
index 75c1402ab56714ac75957732ffe990312b8e1a52..1d68067c0185b6d910707501dbab5036267a9fcb 100644
--- a/dist/server/config.js
+++ b/dist/server/config.js
@@ -302,7 +302,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if ((0, _canaryonly.isStableBuild)()) {
+    if (false && (0, _canaryonly.isStableBuild)()) {
         var _result_experimental6, _result_experimental7, _result_experimental8;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.ppr) {

patch-package:

next+15.5.7.patch

diff --git a/node_modules/next/dist/esm/server/config.js b/node_modules/next/dist/esm/server/config.js
index b761a689b3282e8fea9f34019933e999c46a7112..60477261cc416ac0f2af0029fa30f29c0fb29938 100644
--- a/node_modules/next/dist/esm/server/config.js
+++ b/node_modules/next/dist/esm/server/config.js
@@ -228,7 +228,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if (isStableBuild()) {
+    if (false && isStableBuild()) {
         var _result_experimental6, _result_experimental7, _result_experimental8;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.ppr) {
diff --git a/node_modules/next/dist/server/config.js b/node_modules/next/dist/server/config.js
index 75c1402ab56714ac75957732ffe990312b8e1a52..1d68067c0185b6d910707501dbab5036267a9fcb 100644
--- a/node_modules/next/dist/server/config.js
+++ b/node_modules/next/dist/server/config.js
@@ -302,7 +302,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if ((0, _canaryonly.isStableBuild)()) {
+    if (false && (0, _canaryonly.isStableBuild)()) {
         var _result_experimental6, _result_experimental7, _result_experimental8;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.ppr) {

v15.3.6

pnpm:

[email protected]

diff --git a/dist/esm/server/config.js b/dist/esm/server/config.js
index 00256e4290a91df66ceb3ac7fdf8d6f0527d2a7d..e65c575ab2d96e507d2edfc7c5d251f02a09c281 100644
--- a/dist/esm/server/config.js
+++ b/dist/esm/server/config.js
@@ -190,7 +190,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if (isStableBuild()) {
+    if (false && isStableBuild()) {
         var _result_experimental4, _result_experimental5, _result_experimental6, _result_experimental7;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental4 = result.experimental) == null ? void 0 : _result_experimental4.ppr) {
diff --git a/dist/server/config.js b/dist/server/config.js
index cb980093a061e28051a0a7394c934925420fb6ee..71e58685d3c75b27fbafa8a418885882d91605d4 100644
--- a/dist/server/config.js
+++ b/dist/server/config.js
@@ -269,7 +269,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if ((0, _canaryonly.isStableBuild)()) {
+    if (false && (0, _canaryonly.isStableBuild)()) {
         var _result_experimental4, _result_experimental5, _result_experimental6, _result_experimental7;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental4 = result.experimental) == null ? void 0 : _result_experimental4.ppr) {

patch-package:

next+15.3.6.patch

diff --git a/node_modules/next/dist/esm/server/config.js b/node_modules/next/dist/esm/server/config.js
index 00256e4290a91df66ceb3ac7fdf8d6f0527d2a7d..e65c575ab2d96e507d2edfc7c5d251f02a09c281 100644
--- a/node_modules/next/dist/esm/server/config.js
+++ b/node_modules/next/dist/esm/server/config.js
@@ -190,7 +190,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if (isStableBuild()) {
+    if (false && isStableBuild()) {
         var _result_experimental4, _result_experimental5, _result_experimental6, _result_experimental7;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental4 = result.experimental) == null ? void 0 : _result_experimental4.ppr) {
diff --git a/node_modules/next/dist/server/config.js b/node_modules/next/dist/server/config.js
index cb980093a061e28051a0a7394c934925420fb6ee..71e58685d3c75b27fbafa8a418885882d91605d4 100644
--- a/node_modules/next/dist/server/config.js
+++ b/node_modules/next/dist/server/config.js
@@ -269,7 +269,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if ((0, _canaryonly.isStableBuild)()) {
+    if (false && (0, _canaryonly.isStableBuild)()) {
         var _result_experimental4, _result_experimental5, _result_experimental6, _result_experimental7;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental4 = result.experimental) == null ? void 0 : _result_experimental4.ppr) {

v15.2.6

pnpm:

[email protected]

diff --git a/dist/esm/server/config.js b/dist/esm/server/config.js
index 26a677f614c1750c138b59bf81e2b45f0805c1e8..831b02f11df04506e811a272d158774312ddd336 100644
--- a/dist/esm/server/config.js
+++ b/dist/esm/server/config.js
@@ -189,7 +189,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if (isStableBuild()) {
+    if (false && isStableBuild()) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9, _result_experimental10;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {
diff --git a/dist/server/config.js b/dist/server/config.js
index 016ea4aba4aca35b5bdce5d89a86e1af4856fe9e..5c6c4df4bff558bf4e14eb0c81db35ce4b8bf2f9 100644
--- a/dist/server/config.js
+++ b/dist/server/config.js
@@ -268,7 +268,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if ((0, _canaryonly.isStableBuild)()) {
+    if (false && (0, _canaryonly.isStableBuild)()) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9, _result_experimental10;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {

patch-package:

next+15.2.6.patch

diff --git a/node_modules/next/dist/esm/server/config.js b/node_modules/next/dist/esm/server/config.js
index 26a677f614c1750c138b59bf81e2b45f0805c1e8..831b02f11df04506e811a272d158774312ddd336 100644
--- a/node_modules/next/dist/esm/server/config.js
+++ b/node_modules/next/dist/esm/server/config.js
@@ -189,7 +189,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if (isStableBuild()) {
+    if (false && isStableBuild()) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9, _result_experimental10;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {
diff --git a/node_modules/next/dist/server/config.js b/node_modules/next/dist/server/config.js
index 016ea4aba4aca35b5bdce5d89a86e1af4856fe9e..5c6c4df4bff558bf4e14eb0c81db35ce4b8bf2f9 100644
--- a/node_modules/next/dist/server/config.js
+++ b/node_modules/next/dist/server/config.js
@@ -268,7 +268,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if ((0, _canaryonly.isStableBuild)()) {
+    if (false && (0, _canaryonly.isStableBuild)()) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9, _result_experimental10;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {

v15.1.9

pnpm:

[email protected]

diff --git a/dist/esm/server/config.js b/dist/esm/server/config.js
index f3660c76f9e2b9ca3642d6e4c4b0f28b4f08bda8..9b1112dc786efd2efa9fd182c08d5d1c6fb3ddae 100644
--- a/dist/esm/server/config.js
+++ b/dist/esm/server/config.js
@@ -155,7 +155,7 @@ function assignDefaults(dir, userConfig, silent) {
     if (((_result_experimental = result.experimental) == null ? void 0 : _result_experimental.allowDevelopmentBuild) && process.env.NODE_ENV !== 'development') {
         throw new Error(`The experimental.allowDevelopmentBuild option requires NODE_ENV to be explicitly set to 'development'.`);
     }
-    if (!((_process_env___NEXT_VERSION = "15.1.9") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_SKIP_CANARY_CHECK) {
+    if (false && !((_process_env___NEXT_VERSION = "15.1.9") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_SKIP_CANARY_CHECK) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {
diff --git a/dist/server/config.js b/dist/server/config.js
index dfb25024399d9c23f3932db58d0e3aa3235ed2bc..579925850e7a2c5072655f8131d4f31b71a66d86 100644
--- a/dist/server/config.js
+++ b/dist/server/config.js
@@ -234,7 +234,7 @@ function assignDefaults(dir, userConfig, silent) {
     if (((_result_experimental = result.experimental) == null ? void 0 : _result_experimental.allowDevelopmentBuild) && process.env.NODE_ENV !== 'development') {
         throw new Error(`The experimental.allowDevelopmentBuild option requires NODE_ENV to be explicitly set to 'development'.`);
     }
-    if (!((_process_env___NEXT_VERSION = "15.1.9") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_SKIP_CANARY_CHECK) {
+    if (false && !((_process_env___NEXT_VERSION = "15.1.9") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_SKIP_CANARY_CHECK) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {

patch-package:

next+15.1.9.patch

diff --git a/node_modules/next/dist/esm/server/config.js b/node_modules/next/dist/esm/server/config.js
index f3660c76f9e2b9ca3642d6e4c4b0f28b4f08bda8..9b1112dc786efd2efa9fd182c08d5d1c6fb3ddae 100644
--- a/node_modules/next/dist/esm/server/config.js
+++ b/node_modules/next/dist/esm/server/config.js
@@ -155,7 +155,7 @@ function assignDefaults(dir, userConfig, silent) {
     if (((_result_experimental = result.experimental) == null ? void 0 : _result_experimental.allowDevelopmentBuild) && process.env.NODE_ENV !== 'development') {
         throw new Error(`The experimental.allowDevelopmentBuild option requires NODE_ENV to be explicitly set to 'development'.`);
     }
-    if (!((_process_env___NEXT_VERSION = "15.1.9") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_SKIP_CANARY_CHECK) {
+    if (false && !((_process_env___NEXT_VERSION = "15.1.9") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_SKIP_CANARY_CHECK) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {
diff --git a/node_modules/next/dist/server/config.js b/node_modules/next/dist/server/config.js
index dfb25024399d9c23f3932db58d0e3aa3235ed2bc..579925850e7a2c5072655f8131d4f31b71a66d86 100644
--- a/node_modules/next/dist/server/config.js
+++ b/node_modules/next/dist/server/config.js
@@ -234,7 +234,7 @@ function assignDefaults(dir, userConfig, silent) {
     if (((_result_experimental = result.experimental) == null ? void 0 : _result_experimental.allowDevelopmentBuild) && process.env.NODE_ENV !== 'development') {
         throw new Error(`The experimental.allowDevelopmentBuild option requires NODE_ENV to be explicitly set to 'development'.`);
     }
-    if (!((_process_env___NEXT_VERSION = "15.1.9") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_SKIP_CANARY_CHECK) {
+    if (false && !((_process_env___NEXT_VERSION = "15.1.9") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_SKIP_CANARY_CHECK) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {

v15.0.5

pnpm:

[email protected]

diff --git a/dist/esm/server/config.js b/dist/esm/server/config.js
index b39424ea516a35c15cb82561375387c8beb7dec2..71fedf3901ff8974a6db587ba465f599fcb6fb72 100644
--- a/dist/esm/server/config.js
+++ b/dist/esm/server/config.js
@@ -155,7 +155,7 @@ function assignDefaults(dir, userConfig, silent) {
     if (((_result_experimental = result.experimental) == null ? void 0 : _result_experimental.allowDevelopmentBuild) && process.env.NODE_ENV !== 'development') {
         throw new Error(`The experimental.allowDevelopmentBuild option requires NODE_ENV to be explicitly set to 'development'.`);
     }
-    if (!((_process_env___NEXT_VERSION = "15.0.5") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE) {
+    if (false && !((_process_env___NEXT_VERSION = "15.0.5") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {
diff --git a/dist/server/config.js b/dist/server/config.js
index a9f1ad4918f839146b3f5cac2422f6b7ae2a62fc..2b2261edb88e07e5c7cb7ae1fba793def473b8ab 100644
--- a/dist/server/config.js
+++ b/dist/server/config.js
@@ -234,7 +234,7 @@ function assignDefaults(dir, userConfig, silent) {
     if (((_result_experimental = result.experimental) == null ? void 0 : _result_experimental.allowDevelopmentBuild) && process.env.NODE_ENV !== 'development') {
         throw new Error(`The experimental.allowDevelopmentBuild option requires NODE_ENV to be explicitly set to 'development'.`);
     }
-    if (!((_process_env___NEXT_VERSION = "15.0.5") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE) {
+    if (false && !((_process_env___NEXT_VERSION = "15.0.5") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {

patch-package:

next+15.0.5.patch

diff --git a/node_modules/next/dist/esm/server/config.js b/node_modules/next/dist/esm/server/config.js
index b39424ea516a35c15cb82561375387c8beb7dec2..71fedf3901ff8974a6db587ba465f599fcb6fb72 100644
--- a/node_modules/next/dist/esm/server/config.js
+++ b/node_modules/next/dist/esm/server/config.js
@@ -155,7 +155,7 @@ function assignDefaults(dir, userConfig, silent) {
     if (((_result_experimental = result.experimental) == null ? void 0 : _result_experimental.allowDevelopmentBuild) && process.env.NODE_ENV !== 'development') {
         throw new Error(`The experimental.allowDevelopmentBuild option requires NODE_ENV to be explicitly set to 'development'.`);
     }
-    if (!((_process_env___NEXT_VERSION = "15.0.5") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE) {
+    if (false && !((_process_env___NEXT_VERSION = "15.0.5") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {
diff --git a/node_modules/next/dist/server/config.js b/node_modules/next/dist/server/config.js
index a9f1ad4918f839146b3f5cac2422f6b7ae2a62fc..2b2261edb88e07e5c7cb7ae1fba793def473b8ab 100644
--- a/node_modules/next/dist/server/config.js
+++ b/node_modules/next/dist/server/config.js
@@ -234,7 +234,7 @@ function assignDefaults(dir, userConfig, silent) {
     if (((_result_experimental = result.experimental) == null ? void 0 : _result_experimental.allowDevelopmentBuild) && process.env.NODE_ENV !== 'development') {
         throw new Error(`The experimental.allowDevelopmentBuild option requires NODE_ENV to be explicitly set to 'development'.`);
     }
-    if (!((_process_env___NEXT_VERSION = "15.0.5") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE) {
+    if (false && !((_process_env___NEXT_VERSION = "15.0.5") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE) {
         var _result_experimental7, _result_experimental8, _result_experimental_turbo3, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental7 = result.experimental) == null ? void 0 : _result_experimental7.ppr) {

v15.4.8

pnpm:

[email protected]

diff --git a/dist/esm/server/config.js b/dist/esm/server/config.js
index d342cb73a23676704cb756e2f1fb887277e6838a..c4ef2d30c78b2fabce5949d9c380e51f2e6b8842 100644
--- a/dist/esm/server/config.js
+++ b/dist/esm/server/config.js
@@ -203,7 +203,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if (isStableBuild()) {
+    if (false && isStableBuild()) {
         var _result_experimental6, _result_experimental7, _result_experimental8, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.ppr) {
diff --git a/dist/server/config.js b/dist/server/config.js
index ecb4c97d5b9fa090c83da0133f4893a5b57657eb..f06aacbaebc8d857f55f9ada28d69b12910b37e8 100644
--- a/dist/server/config.js
+++ b/dist/server/config.js
@@ -281,7 +281,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if ((0, _canaryonly.isStableBuild)()) {
+    if (false && (0, _canaryonly.isStableBuild)()) {
         var _result_experimental6, _result_experimental7, _result_experimental8, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.ppr) {

patch-package:

next+15.4.8.patch

diff --git a/node_modules/next/dist/esm/server/config.js b/node_modules/next/dist/esm/server/config.js
index d342cb73a23676704cb756e2f1fb887277e6838a..c4ef2d30c78b2fabce5949d9c380e51f2e6b8842 100644
--- a/node_modules/next/dist/esm/server/config.js
+++ b/node_modules/next/dist/esm/server/config.js
@@ -203,7 +203,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if (isStableBuild()) {
+    if (false && isStableBuild()) {
         var _result_experimental6, _result_experimental7, _result_experimental8, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.ppr) {
diff --git a/node_modules/next/dist/server/config.js b/node_modules/next/dist/server/config.js
index ecb4c97d5b9fa090c83da0133f4893a5b57657eb..f06aacbaebc8d857f55f9ada28d69b12910b37e8 100644
--- a/node_modules/next/dist/server/config.js
+++ b/node_modules/next/dist/server/config.js
@@ -281,7 +281,7 @@ function assignDefaults(dir, userConfig, silent) {
             configurable: true
         });
     }
-    if ((0, _canaryonly.isStableBuild)()) {
+    if (false && (0, _canaryonly.isStableBuild)()) {
         var _result_experimental6, _result_experimental7, _result_experimental8, _result_experimental9;
         // Prevents usage of certain experimental features outside of canary
         if ((_result_experimental6 = result.experimental) == null ? void 0 : _result_experimental6.ppr) {

Instructions

pnpm

Create a new directory called patches
Copy the patch content from above and save it to the patches directory. For [email protected], name the file [email protected]
Add patchedDependencies to package.json:

{
  "name": "patch-package-test",
  "version": "0.1.0",
  "scripts": {
    "dev": "next dev",
    "build": "next build",
    "start": "next start",
    "lint": "eslint"
  },
  "dependencies": {
    "next": "15.3.6",
    "react": "19.2.0",
    "react-dom": "19.2.0"
  },
  "pnpm": {
    "patchedDependencies": {
      "[email protected]": "patches/[email protected]"
    }
  },
  "devDependencies": {
    "@tailwindcss/postcss": "^4",
    "@types/node": "^20",
    "@types/react": "^19",
    "@types/react-dom": "^19",
    "eslint": "^9",
    "eslint-config-next": "16.0.7",
    "tailwindcss": "^4",
    "typescript": "^5"
  }
}

Run pnpm install

yarn/npm

Install patch-package as a dependency
Create a new directory called patches
Copy the patch content from above and save it to the patches directory. For [email protected], name the file next+15.3.6.patch
Update your package.json to add the postinstall script:

{
  "name": "patch-package-test",
  "version": "0.1.0",
  "private": true,
  "scripts": {
    "dev": "next dev",
    "build": "next build",
    "start": "next start",
    "lint": "eslint",
    "postinstall": "patch-package"
  },
  "dependencies": {
    "next": "15.3.6",
    "react": "19.2.0",
    "react-dom": "19.2.0"
  },
  "devDependencies": {
    "@tailwindcss/postcss": "^4",
    "@types/node": "^20",
    "@types/react": "^19",
    "@types/react-dom": "^19",
    "eslint": "^9",
    "eslint-config-next": "16.0.7",
    "patch-package": "^8.0.1",
    "tailwindcss": "^4",
    "typescript": "^5"
  }
}

Run npm install or yarn install

andyf0x · 2025-12-06T00:03:54Z

andyf0x
Dec 6, 2025

We started using use server experimental feature in Next.js 13.4.12. Do you know if we might be impacted by this CVE? I know they included a Next.js 14 canary version that was impacted, but was Next.js 13 considered for this experimental feature? If so, would there be a patch?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2025-66478: Experimental PPR and patches to use experimental features in a stable versions #86813

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

CVE-2025-66478: Experimental PPR and patches to use experimental features in a stable versions #86813

Uh oh!

Uh oh!

icyJoseph Dec 4, 2025 Maintainer

Background

Patches

v16.0.7

v15.5.7

v15.3.6

v15.2.6

v15.1.9

v15.0.5

v15.4.8

Instructions

pnpm

yarn/npm

Replies: 1 comment

Uh oh!

andyf0x Dec 6, 2025

icyJoseph
Dec 4, 2025
Maintainer

andyf0x
Dec 6, 2025