Next.js Vulnerability

Heloise Meyer | March 24, 2025, 3:45 p.m.

Further information on the Next.js (CVE-2025-29927)

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) [Zeljka Zorz, HelpNetSecurity]

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks [Ravie Lakshmanan, The Hacker News]

CVE-2025-29927 Detail [NIST, NIST]