
Critical Next.js Middleware Vulnerability Allows Attackers to Bypass Authorization

A severe vulnerability has been identified in Next.js, a popular React framework used for building web applications, under the designation CVE-2025-29927.

This critical flaw allows attackers to bypass security controls implemented by middleware, posing significant risks to authentication, authorization, and security header implementations, as per a report by Zeropath.

CVE-2025-29927: Overview

The exploit works by manipulating the x-middleware-subrequest header, enabling attackers to circumvent security checks.

For older versions of Next.js (pre-12.2), the header can be constructed as follows:

x-middleware-subrequest: pages/_middleware

In more recent versions, the header requires a repetitive pattern:

x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware

For setups using the src directory, it is necessary to replace middleware with src/middleware.

Affected Products

The following table highlights the versions of Next.js that are affected by this vulnerability:

Product Version    Affected Versions
Next.js 11.x       11.1.4 and later (unpatched)
Next.js 12.x       Unpatched versions
Next.js 13.x       13.5.6 and earlier (unpatched)
Next.js 14.x       Before 14.2.25
Next.js 15.x       Before 15.2.3

Mitigation Strategies

Users are advised to take immediate action to mitigate the risks associated with CVE-2025-29927:

  1. Update Next.js Version:
    • For those using Next.js 15.x, update to version 15.2.3 or later.
    • For those on Next.js 14.x, update to version 14.2.25 or later.
  2. Edge/Proxy Header Blocking:
    • If updating is not feasible, block the x-middleware-subrequest header at your edge or proxy level. Important: Do not attempt to block the header within the middleware itself; the header causes Next.js to skip the middleware, so a check placed there never runs.
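As an added illustration of the second mitigation (this is example code, not from the article or the Next.js project), the snippet below shows the logic an edge or proxy layer can apply: strip the x-middleware-subrequest header from every inbound request before forwarding it, and flag access-log entries that carried it so earlier traffic can be triaged. The log format and the function names are assumptions; the sample log lines are constructed.

```javascript
// Header that Next.js uses internally to mark middleware subrequests. An
// external client has no legitimate reason to send it. Header names are
// case-insensitive, so the comparison is done in lowercase.
const INTERNAL_HEADER = "x-middleware-subrequest";

// Edge/proxy step: drop the header before the request is forwarded upstream.
// `headers` is a plain object of name -> value as a proxy would hand it over.
// Returns the sanitized headers and whether the request had carried the header.
function sanitizeInboundHeaders(headers) {
  const clean = {};
  let stripped = false;
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === INTERNAL_HEADER) {
      stripped = true; // only Next.js itself should ever set this header
      continue;
    }
    clean[name] = value;
  }
  return { headers: clean, stripped };
}

// Detection step: return the request part of each access-log line whose
// recorded headers include the internal header. Assumed (constructed) log
// format: "<client-ip> <method> <path> <headers as JSON>".
function findSuspiciousLogLines(lines) {
  const hits = [];
  for (const line of lines) {
    const idx = line.indexOf("{");
    if (idx < 0) continue; // no header block recorded on this line
    let headers;
    try { headers = JSON.parse(line.slice(idx)); } catch { continue; }
    if (sanitizeInboundHeaders(headers).stripped) hits.push(line.slice(0, idx).trim());
  }
  return hits;
}

// Constructed sample log lines: two carry the header (one in mixed case), one does not.
const SAMPLE_LOG = [
  '203.0.113.5 GET /admin {"host":"app.example","x-middleware-subrequest":"middleware:middleware:middleware:middleware:middleware"}',
  '198.51.100.7 GET /admin {"host":"app.example","accept":"text/html"}',
  '203.0.113.9 GET /dashboard {"host":"app.example","X-Middleware-Subrequest":"src/middleware"}',
];

console.log(findSuspiciousLogLines(SAMPLE_LOG)); // ["203.0.113.5 GET /admin", "203.0.113.9 GET /dashboard"]
```

The same header-stripping rule can be expressed natively in most reverse proxies and CDNs; the point is that it runs in front of Next.js, not inside it.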

By promptly implementing these measures, users can protect their applications from potential exploits of this critical vulnerability.

The discovery of CVE-2025-29927 emphasizes the importance of staying vigilant and keeping software up to date, especially for widely used frameworks like Next.js.

As always, security updates should be prioritized to safeguard against emerging threats and ensure a secure digital environment.


Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
