
Vulnerability CVE-2025-29927 Allows Bypass of Next.js Middleware Authentication
Security, Vulnerability, Next.js, Middleware, Authentication, CVE-2025-29927, Unauthorized Access, Internal Resources
A vulnerability identified as CVE-2025-29927 allows attackers to bypass Next.js middleware-based authentication by manipulating the x-middleware-subrequest internal header. The flaw enables unauthorized access to protected internal status pages without requiring credentials. The issue specifically affects Next.js applications relying on middleware for authorization. No additional technical details, such as affected versions or disclosure dates, were provided in the report. The impact involves unauthorized access to sensitive internal resources.
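A defensive check for the header named above, as an added example that is not from the original report: a wrapper that strips or rejects x-middleware-subrequest on inbound client requests before they reach the application, and records the attempt. The function names, the strip/reject modes, and the Node-style (req, res) handler that reads req.headers are assumptions made for illustration.

```javascript
// Added example (not from the report): guard against client-supplied
// copies of the internal header the report names.
const INTERNAL_HEADER = "x-middleware-subrequest";

// Delete the internal header from a header map, whatever its casing.
// Returns true if the client supplied it.
function removeInternalHeader(headers) {
  let present = false;
  for (const name of Object.keys(headers)) {
    if (name.toLowerCase() === INTERNAL_HEADER) {
      delete headers[name];
      present = true;
    }
  }
  return present;
}

// Wrap a Node-style request handler (hypothetical integration point:
// a custom server or proxy in front of the app).
//   mode "strip"  : drop the header, then continue to the handler
//   mode "reject" : answer 400 and never call the handler
// Every hit is passed to `log` so it can feed detection.
function guard(handler, { mode = "strip", log = () => {} } = {}) {
  return (req, res) => {
    if (removeInternalHeader(req.headers)) {
      log({
        event: "internal-header-from-client",
        url: req.url,
        remote: req.socket?.remoteAddress,
      });
      if (mode === "reject") {
        res.statusCode = 400;
        res.end("Bad Request");
        return undefined;
      }
    }
    return handler(req, res);
  };
}
```

The log callback gives a detection signal even in strip mode: a legitimate external client has no reason to send this header.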