How Hackers Exploit CVE-2025–29927 in Next.js Like a Pro
1 min read
Summary
A critical vulnerability (CVE-2025-29927) has been discovered in the open-source Next.js web framework that could leave user data and applications open to compromise.
The vulnerability enables attackers to bypass middleware authorisation, gaining unauthorized access to protected resources.
Middleware in Next.js carries out additional processing on incoming requests, such as authentication and modification, before they reach the final route handler.
Developers are advised to ensure they are running versions upgraded since the flaw was fixed to avoid this kind of vulnerability, which risks exposing private data and access to unlogged users.