A critical security vulnerability (CVE-2025-29927) has been discovered in Next.js that allows attackers to completely bypass middleware-based security controls by manipulating the x-middleware-subrequest header. The flaw affects authentication flows, authorization controls, path rewriting, and security header implementations across multiple Next.js versions, potentially exposing thousands of web applications to unauthorized access. According to vulnerability researcher […]
The post Critical Next.js Middleware Vulnerability Let Attackers Gain Unauthorized Access appeared first on Cyber Security News.