Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks,
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
« Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops, » Next.js said in an
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
« Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops, » Next.js said in an
,
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
« Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops, » Next.js said in an
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
« Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops, » Next.js said in an
, ,
https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html