Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

2025-03-24 09:17

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an

News URL

https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html

#bypass #critical #middleware #vulnerability #CVE-2025-29927

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-21	CVE-2025-29927	Next.js is a React framework for building full-stack web applications.	0.0

News URL

Related news

Related Vulnerability