On March 21, 2025, a critical authorization bypass vulnerability in Next.js, identified as CVE-2025-29927, was disclosed with a CVSS score of 9.1. This framework’s middleware handling flaw enables attackers to bypass authentication and authorization, exposing sensitive routes to unauthorized access. Exploiting this vulnerability does not require authentication, providing attackers with direct access to protected routes. […]

The post Next.js Vulnerability Exposes Middleware Security Gaps appeared first on Kratikal Blogs - Information Hub For Cyber Security Experts.

The post Next.js Vulnerability Exposes Middleware Security Gaps appeared first on Security Boulevard.

Shikha Dhingra

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/04/next-js-vulnerability-exposes-middleware-security-gaps/?utm_source=rss&utm_medium=rss&utm_campaign=next-js-vulnerability-exposes-middleware-security-gaps