CVE-2025-29927 Archives

Next.js Middleware Permission Bypass Vulnerability (CVE-2025-29927)

NSFOCUS | March 24, 2025 | Blog, CVE-2025-29927, Emergency Response, Next.js

Overview Recently, NSFOCUS CERT detected that Next.js issued a security announcement and fixed the middleware permission bypass vulnerability (CVE-2025-29927). Because Next.js lacks effective verification of the source of the x-middleware-subrequest header, when ...

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

CVE-2025-29927 – Understanding the Next.js Middleware Vulnerability

strobes | March 24, 2025 | CVE, CVE-2025-29927

When security vulnerabilities appear in popular frameworks, they can affect thousands of websites overnight. That’s exactly what’s happening with a newly discovered vulnerability in Next.js – one of the most... The post ...

Strobes Security