CVE-2025-29927 is a critical vulnerability affecting the Next.js framework, a popular open-source React-based framework used for building full-stack web applications. This vulnerability, present in versions 1.11.4 through 12.3.5, 13.5.9, 14.2.25, and 15.2.3, enables attackers to bypass authorization checks implemented within middleware functions. Middleware, a key component designed to process requests before they reach the application, often handles essential security tasks, including user authentication and authorization.
https://securityvulnerability.io/vulner ... 2025-29927