Skip to main content
Holiday Sale — Get 40% off Vantage for yourself or as a gift
Get Started
SubscribeLogin
Published loading...Updated

Critical flaw in Next.js lets hackers bypass authorization

  • A critical vulnerability in Next.js allows attackers to bypass authorization checks, tracked as CVE-2025-29927, affecting self-hosted versions using 'next start' with 'output: standalone' according to Next.js' security bulletin.
  • The vulnerability enables an attacker to send requests bypassing critical security checks, impacting all Next.js versions before 15.2.3, as stated by researchers Allam Rachid and Allam Yasser.
  • Vercel released a patch for the vulnerability on March 18, 2025, and published a security advisory on March 21, 2025, addressing this critical vulnerability.
  • Concerns linger regarding Vercel's response and communication about the vulnerability, as indicated by CISO Ty Sbano, who noted, 'There has been understandable concern that our communication with partners during this incident did not meet our typical standards.
Insights by Ground AI

17 Articles

Tech RadarTech Radar
Center

Critical security flaw in Next.js could spell big trouble for JavaScript users

Users told to ensure to apply the Next.js patch as soon as possible.

·United Kingdom
Read Full Article
CyberScoopCyberScoop
Center

Researchers raise alarm about critical Next.js vulnerability

Researchers warn that attackers could exploit a recently discovered critical vulnerability in the open-source JavaScript framework Next.js to bypass authorization in middleware and gain access to targeted systems. Vercel, the San Francisco-based company that created and maintains Next.js, released a patch for CVE-2025-29927 in Next.js 15.2.3 on March 18 and published a security advisory on March 21. Researchers Allam Rachid and Allam Yasser disc…

Read Full Article
Startups News | Tech NewsStartups News | Tech News
Lean Right

NextJS security flaw: Critical 9.1 vulnerability lets attackers bypass authentication via middleware - Tech Startups

Security researchers have uncovered a major flaw in the Next.js React framework that makes it possible to bypass middleware-based access control. The discovery came last Friday—right after an unlucky developer pushed to production (on a Friday, of all days). Next.js […] The post NextJS security flaw: Critical 9.1 vulnerability lets attackers bypass authentication via middleware first appeared on Tech Startups.

Read Full Article
BleepingComputerBleepingComputer
Center

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks.

Read Full Article
HackReadHackRead

Next.js Middleware Flaw Lets Attackers Bypass Authorization

Researchers have uncovered a critical vulnerability (CVE-2025-29927) in Next.js middleware, allowing authorization bypass. Learn about the exploit and fixes.

Read Full Article
HeiseHeise

JavaScript: UI Component Kit Wijmo brings support for Angular 19

Updated Angular and Next.js support as well as increased accessibility are among the features of the new version 19.

·Germany
Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 75% of the sources are Center
75% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

The Hacker News broke the news in on Monday, March 24, 2025.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Technology icon

Technology

Startups icon

Startups

TikTok icon

TikTok

Netflix icon

Netflix

Germany icon

Germany

Big Tech and Platforms icon

Big Tech and Platforms

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal