Critical Vulnerability in Next.js Middleware Identified

24 Mar 2025

CybersecurityVulnerabilitiesSoftwareSecurityWebApplications

On Friday, March 21, 2025, at 9:00 AM UTC, a security advisory identified as CVE-2025-29927 was published. It reports a critical vulnerability with a severity of 9.1 affecting common Next.js applications. This flaw allows for authorization bypass in the Next.js middleware. Specific technical details and real-world impacts are not mentioned in the article.

Read the original article on snyk.io