Skip to main content

Critical Next.js Security Vulnerability Enables Middleware Authorization Bypass

A critical vulnerability has been identified in the Next.js React framework, posing a significant security risk by allowing attackers to bypass middleware-based authorization checks under specific circumstances.

The flaw, identified as CVE-2025-29927, has received a CVSS severity rating of 9.1 out of 10, underscoring its critical nature.

User login