CVE-2025-29927: Next.js Middleware Authorization Bypass

2025-05-01 18:05

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

The post CVE-2025-29927: Next.js Middleware Authorization Bypass appeared first on OffSec.

This article has been indexed from OffSec

Read the original article:

CVE-2025-29927: Next.js Middleware Authorization Bypass

Related

← How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas

GDPR Compliance With .NET: Securing Data the Right Way →