Overview Recently, NSFOCUS CERT detected that Next.js issued a security announcement and fixed the middleware permission bypass vulnerability (CVE-2025-29927). Because Next.js lacks effective verification of the source of the x-middleware-subrequest header, when configuring to use middleware for authentication and authorization, an unauthenticated attacker can bypass system permission controls by manipulating the x-middleware-subrequest header to access…
Category: CVE-2025-29927
CVE, CVE-2025-29927, Global Security News, Security Bloggers Network
CVE-2025-29927 – Understanding the Next.js Middleware Vulnerability
When security vulnerabilities appear in popular frameworks, they can affect thousands of websites overnight. That’s exactly what’s happening with a newly discovered vulnerability in Next.js – one of the most… The post CVE-2025-29927 – Understanding the Next.js Middleware Vulnerability appeared first on Strobes Security. The post CVE-2025-29927 – Understanding the Next.js Middleware Vulnerability appeared first…