CPU cost spiked for a few days, no changes made or higher traffic
izzis92
PRO OP

2 months ago

I believe there was some change in supporting next 15.0.3. My site was down for a few days and it seems cpu usage spiked. I went in and saw an err that I need to upgrade next, deployed and usage went back down. Seems like something was acting out on your end costing me extra.

Solved $20 Bounty

Pinned Solution

domehane
FREE

2 months ago

you're spot on that this was related to railway/next.js. here's what happened:

railway had a major security incident on dec 16 with vulnerable next.js versions getting exploited by cryptominers. if your service was running a vulnerable version, the malicious process could've kept running until you updated next on dec 29, which explains the exact timing of your cpu spike dropping.

railway was actually really transparent about this and published an official incident report. they acknowledged it caused fleet-wide resource issues and have since blocked vulnerable versions from deploying.

for the extra costs, reach out to railway support and reference their "december 16 2025 incident report" - mention your service was affected and you had to update next.js to resolve it. they've been handling cases like this and should be able to help with the unexpected usage during that period.

the good news is you caught it and fixed it by updating. just make sure you rotate any api keys/secrets as a precaution (railway recommends this for affected services).

hope this helps clarify what happened


2 months ago

This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.

Status changed to Open brody 2 months ago


fra
HOBBY Top 10% Contributor

2 months ago

Can you share some metrics? A simple bot or just an increase in visitors could have increased your usage. I don't think this is related to railway, but I'll let someone from railway confirm this...


izzis92
PRO OP

2 months ago

So the CPU and ram drop is directly correlated to me updating next:



Status changed to Solved brody 2 months ago


izzis92
PRO OP

2 months ago

Thank you, will reach out!


Status changed to Awaiting Railway Response Railway about 2 months ago


Status changed to Solved crisog about 2 months ago

