A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.”Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in an
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html
