Overview Recently, NSFOCUS CERT detected that Next.js issued a security announcement and fixed the middleware permission bypass vulnerability (CVE-2025-29927). Because Next.js lacks effective verification of the source of the x-middleware-subrequest header, when configuring to use middleware for authentication and authorization, an unauthenticated attacker can bypass system permission controls by manipulating the x-middleware-subrequest header to access […]

The post Next.js Middleware Permission Bypass Vulnerability (CVE-2025-29927) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Next.js Middleware Permission Bypass Vulnerability (CVE-2025-29927) appeared first on Security Boulevard.

NSFOCUS

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/03/next-js-middleware-permission-bypass-vulnerability-cve-2025-29927/?utm_source=rss&utm_medium=rss&utm_campaign=next-js-middleware-permission-bypass-vulnerability-cve-2025-29927