A newly discovered critical security vulnerability in the Next.js framework, designated CVE-2025-29927, poses a significant threat to web applications by allowing malicious actors to completely bypass authorization mechanisms. This vulnerability arises from improper handling of the x-middleware-subrequest header within Next.js middleware execution, potentially exposing sensitive administrative areas and protected resources to unauthorized access. The vulnerability […]
The post Critical Next.js Framework Vulnerability Let Attackers Bypass Authorization appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: