|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-03-27 | |
| Rule Name: | Next.js Middleware Authentication Bypass Vulnerability (CVE-2025-29927) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Next.js is a React framework for building full-stack Web applications. In March 2025, the CVE-2025-29927 Next.js middleware authentication bypass vulnerability was officially disclosed. If the authorization check occurs in the Next.js middleware, an attacker can construct a malicious request to bypass the relevant permission check. The vulnerability was officially fixed in versions 15.2.3, 14.2.25, 13.5.9, 12.3.5, and later. | |
| Impact: | An unauthorized remote attacker can bypass authentication and gain access to the application with specially crafted requests. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Upgrade Next.js to versions 15.2.3, 14.2.25, 13.5.9, 12.3.5 and above. |