{ads}

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

Written By Monday, 24 March 2025 Add Comment



March 24, 2025 at 02:47PM

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an

from The Hacker News https://ift.tt/z9oktxF

0 Response to "Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads