Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks – The Hacker News

by [email protected] (The Hacker News) · March 24, 2025

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
“Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in an –

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks – The Hacker News

Leave a Reply Cancel reply

Recent Posts