See every side of every news story
Get Started
SubscribeLogin
Israel-Hamas Conflict
Baseball
Artificial Intelligence
Natural Disasters
World Cup
Social Media
Amazon
Infrastructure
Vladimir Putin
European Union
Education
Taxes
Donald Trump
Published loading...Updated

Critical flaw in Next.js lets hackers bypass authorization

  • A critical vulnerability in Next.js allows attackers to bypass authorization checks, tracked as CVE-2025-29927, affecting self-hosted versions using 'next start' with 'output: standalone' according to Next.js' security bulletin.
  • The vulnerability enables an attacker to send requests bypassing critical security checks, impacting all Next.js versions before 15.2.3, as stated by researchers Allam Rachid and Allam Yasser.
  • Vercel released a patch for the vulnerability on March 18, 2025, and published a security advisory on March 21, 2025, addressing this critical vulnerability.
  • Concerns linger regarding Vercel's response and communication about the vulnerability, as indicated by CISO Ty Sbano, who noted, 'There has been understandable concern that our communication with partners during this incident did not meet our typical standards.
Insights by Ground AI
Does this summary seem wrong?

15 Articles

All
Left
Center
2
Right
1
CyberScoopCyberScoop
Center

Researchers raise alarm about critical Next.js vulnerability

Researchers warn that attackers could exploit a recently discovered critical vulnerability in the open-source JavaScript framework Next.js to bypass authorization in middleware and gain access to targeted systems. Vercel, the San Francisco-based company that created and maintains Next.js, released a patch for CVE-2025-29927 in Next.js 15.2.3 on March 18 and published a security advisory on March 21. Researchers Allam Rachid and Allam Yasser disc…

Read Full Article
Startups News | Tech NewsStartups News | Tech News
Lean Right

NextJS security flaw: Critical 9.1 vulnerability lets attackers bypass authentication via middleware - Tech Startups

Security researchers have uncovered a major flaw in the Next.js React framework that makes it possible to bypass middleware-based access control. The discovery came last Friday—right after an unlucky developer pushed to production (on a Friday, of all days). Next.js […] The post NextJS security flaw: Critical 9.1 vulnerability lets attackers bypass authentication via middleware first appeared on Tech Startups.

Read Full Article
BleepingComputerBleepingComputer
Center

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks.

Read Full Article
Traefik Labs: Makes Networking BoringTraefik Labs: Makes Networking Boring

Security Alert: How Attackers Can Bypass Next.js Middleware With a Single HTTP Header

The Critical Vulnerability Every Next.js Developer Should Know AboutDid you know that a simple HTTP header manipulation could completely bypass your authentication and authorization systems in Next.js applications? Recently, a critical vulnerability (CVE-2025-29927) was disclosed in the popular Next.js framework, allowing attackers to circumvent middleware execution—including security checks—by leveraging an internal header.Understanding Next.js…

Read Full Article
Kali Linux TutorialsKali Linux Tutorials

CVE-2025-29927 : Next.js Middleware Authorization Bypass

A critical vulnerability, CVE-2025-29927, has been identified in Next.js, a React-based web framework by Vercel. This flaw allows attackers to bypass middleware-based authorization checks by exploiting the x-middleware-subrequest header. Middleware in Next.js is widely used for tasks such as path rewriting, server-side redirects, security headers (e.g., CSP), and access control. The vulnerability affects versions 11.1.4 […]

Read Full Article
Tech RadarTech Radar

Critical security flaw in Next.js could spell big trouble for JavaScript users

Users told to ensure to apply the Next.js patch as soon as possible.

·United Kingdom
Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 67% of the sources are Center
67% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

The Hacker News broke the news in on Monday, March 24, 2025.
Sources are mostly out of (0)

Similar News Topics

Technology

Technology

Startups

Startups

TikTok

TikTok

Netflix

Netflix

You have read out of your 5 free daily articles.

Join us as a member to unlock exclusive access to diverse content.

News
For You
SearchBlindspotLocal