The Hacker News

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an

Mar 24, 2025 - 11:26
 0
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an
Read More

Tags:

Previous Article

Apple is reportedly planning a huge future Apple Watch upgrade to turn it into a...

Next Article

Swiggy Instamart Will Now Deliver Smartphones from Top Brands to Your Door in Ju...

Related Posts

Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks

Blind Eagle Hacks Colombian Institutions Using NTLM Fla...

Mar 11, 2025  0

Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials

Researchers Expose New Polymorphic Attack That Clones B...

Mar 10, 2025  0

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices

PolarEdge Botnet Exploits Cisco and Other Flaws to Hija...

Feb 27, 2025  0