URL has been copied successfully!
Next.js Middleware Permission Bypass Vulnerability (CVE-2025-29927)
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Next.js Middleware Permission Bypass Vulnerability (CVE-2025-29927)


Tags: , , , , ,

Overview Recently, NSFOCUS CERT detected that Next.js issued a security announcement and fixed the middleware permission bypass vulnerability (CVE-2025-29927). Because Next.js lacks effective verification of the source of the x-middleware-subrequest header, when configuring to use middleware for authentication and authorization, an unauthenticated attacker can bypass system permission controls by manipulating the x-middleware-subrequest header to access…The post Next.js Middleware Permission Bypass Vulnerability (CVE-2025-29927) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

First seen on securityboulevard.com

Jump to article: https://securityboulevard.com/2025/03/next-js-middleware-permission-bypass-vulnerability-cve-2025-29927/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Want to be a cybersecurity pro? Use generative AI to get some simulated training
  2. The 2024 cyberwar playbook: Tricks used by nation-state actors
  3. Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption
  4. Volume of attacks on network devices shows need to replace end of life devices quickly