Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

Updated on March 24, 2025

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
“Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in an…

Read the rest of the story at Read More

Source: The Hacker News

September 12, 2024 Uncategorized

Urgent: GitLab Patches Critical Flaw All...

July 25, 2024 Uncategorized

6 Types of Applications Security Testing...

December 23, 2024 Uncategorized

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

Related posts

Urgent: GitLab Patches Critical Flaw All...

6 Types of Applications Security Testing...

Top 10 Cybersecurity Trends to Expect in...

Leave a Comment Cancel reply

Recent News

Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed

⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

Perfection is a Myth. Leverage Isn’t: How Small Teams Can Secure Their Google Workspace

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems

TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China

How to Automate CVE and Vulnerability Advisory Response with Tines