A severe vulnerability has been identified in Next.js, a popular React framework used for building web applications, under the designation CVE-2025-29927.
This critical flaw allows attackers to bypass security controls implemented by middleware, posing significant risks to authentication, authorization, and security header implementations, as per a report by Zeropath.
The exploit works by manipulating the x-middleware-subrequest header, enabling attackers to circumvent security checks.
For older versions of Next.js (pre-12.2), the header can be constructed as follows:
x-middleware-subrequest: pages/_middleware
In more recent versions, the header requires a repetitive pattern:
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
For setups using the src directory, it is necessary to replace middleware with src/middleware.
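The header named above is an internal signal between Next.js and its own middleware runner, so a browser or API client has no legitimate reason to send it. As an added, defender-side example (not part of the article and not code from the Next.js project), the following Node.js snippet classifies an inbound request by the presence and shape of that header, using the three value forms the article lists, and strips it before the request is forwarded. It assumes a Node `http`-style headers object (string keys, possibly mixed case, string values); the sample requests are constructed here for illustration.

```javascript
// Added example: detect and strip a client-supplied x-middleware-subrequest
// header at the edge (reverse proxy, API gateway, or a wrapper in front of
// the Next.js server). Assumptions: headers are a plain object as Node's
// http module provides; sample records below are constructed, not real logs.

const HEADER = 'x-middleware-subrequest';

// Value shapes the article describes. The pre-12.2 layout uses a single
// path; newer versions use one or more "middleware" tokens joined by ":",
// with "src/middleware" when the project keeps code under src/.
const KNOWN_BYPASS_PATTERNS = [
  /^pages\/_middleware$/i,
  /^(?:src\/)?middleware(?::(?:src\/)?middleware)*$/i,
];

// Case-insensitive header lookup, in case the object was not normalised.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() === wanted) return v;
  }
  return undefined;
}

// 'absent' is the only benign outcome: any client-supplied value is treated
// as suspicious, and the known shapes are labelled separately for triage.
function classifyHeader(value) {
  if (value === undefined || value === null) return 'absent';
  const v = String(value).trim();
  if (KNOWN_BYPASS_PATTERNS.some((re) => re.test(v))) return 'known-bypass-pattern';
  return 'unexpected-value';
}

// Structured verdict suitable for logging or alerting.
function inspectRequest(headers) {
  const value = getHeader(headers, HEADER);
  const kind = classifyHeader(value);
  return {
    suspicious: kind !== 'absent',
    kind,
    value: kind === 'absent' ? null : String(value),
  };
}

// Edge sanitiser: returns a copy of the headers without the internal header,
// plus the verdict, so a proxy can log the attempt and still forward safely.
function stripInternalHeader(headers) {
  const verdict = inspectRequest(headers);
  const cleaned = {};
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() !== HEADER) cleaned[k] = v;
  }
  return { cleaned, verdict };
}

// Batch detection over request records (e.g. replayed from an access log
// that captured request headers). Returns only the suspicious ones.
function scanLogs(records) {
  return records
    .map((r) => ({ ...r, verdict: inspectRequest(r.headers) }))
    .filter((r) => r.verdict.suspicious);
}

// Constructed sample requests: one clean, three matching the article's
// value shapes, one with an arbitrary value.
const SAMPLE_REQUESTS = [
  { id: 1, path: '/dashboard', headers: { host: 'app.example', 'user-agent': 'curl/8.0' } },
  { id: 2, path: '/dashboard', headers: { host: 'app.example', [HEADER]: 'middleware:middleware:middleware:middleware:middleware' } },
  { id: 3, path: '/admin', headers: { host: 'app.example', 'X-Middleware-Subrequest': 'src/middleware:src/middleware:src/middleware:src/middleware:src/middleware' } },
  { id: 4, path: '/admin', headers: { host: 'app.example', [HEADER]: 'pages/_middleware' } },
  { id: 5, path: '/api/x', headers: { host: 'app.example', [HEADER]: 'something-else' } },
];

for (const hit of scanLogs(SAMPLE_REQUESTS)) {
  console.log(`req ${hit.id} ${hit.path}: ${hit.verdict.kind} (${hit.verdict.value})`);
}
```

Run with `node` to see the four flagged records. The stricter policy (flag any value, not only the known shapes) is deliberate: the header is never expected from outside, so matching exact strings would only help an attacker who varies the value, while stripping it unconditionally removes the bypass regardless of shape. This is a stop-gap for the edge; it does not replace upgrading to a fixed Next.js release.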
Affected Products
The following table highlights the versions of Next.js that are affected by this vulnerability:
| Product Version | Affected Versions |
| --- | --- |
| Next.js 11.x | 11.1.4 and later (unpatched) |
| Next.js 12.x | Unpatched versions |
| Next.js 13.x | 13.5.6 and earlier (unpatched) |
| Next.js 14.x | Before 14.2.25 |
| Next.js 15.x | Before 15.2.3 |
Users are advised to take immediate action to mitigate the risks associated with CVE-2025-29927:
By promptly implementing these measures, users can protect their applications from potential exploits of this critical vulnerability.
The discovery of CVE-2025-29927 emphasizes the importance of staying vigilant and keeping software up to date, especially for widely used frameworks like Next.js.
As always, security updates should be prioritized to safeguard against emerging threats and ensure a secure digital environment.