Security News > 2025 > March > Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
2025-03-24 13:07
A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel). Vercel – the Cloud platform-as-a-Service company that develops the popular framework – has released security updates fixing it, and has advised users to upgrade as soon as possible. What is Next.js and how does CVE-2025-29927 manifest? Next.js … More → The post Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) appeared first on Help Net Security.
News URL
Related news
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-21 | CVE-2025-29927 | Next.js is a React framework for building full-stack web applications. | 0.0 |