@giido.bsky.social
Here is a recent vulnerability disclosed for Next.js:

For sites using the Next.js middleware for auth, an attacker could bypass the Next.js middleware to get to any page, skipping auth checks here:

BUT.

If the site has more auth checks later, it wouldn’t necessarily load
Next.js and the corrupt middleware: the authorizing artifact
CVE-2025-29927
zhero-web-sec.github.io
March 23, 2025 at 7:57 AM
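
The post's point, that a later auth check still holds when the middleware check is skipped, shown as an added example that is not part of the original post and is not Next.js code. It is a framework-free model: the session store, the cookie name `sid`, and the functions `requireSession`, `middleware`, `adminPage` and `handle` are all hypothetical, and `middlewareRan: false` simply models a request for which the middleware layer did not execute.

```javascript
// Added example: framework-free model, not Next.js code. All names are hypothetical.
// Constructed server-side session store (sample data).
const FAR_FUTURE = Date.parse("2099-01-01T00:00:00Z");
const sessions = new Map([
  ["s-alice", { user: "alice", role: "admin", expires: FAR_FUTURE }],
  ["s-bob", { user: "bob", role: "viewer", expires: FAR_FUTURE }],
  ["s-old", { user: "carol", role: "admin", expires: Date.parse("2020-01-01T00:00:00Z") }],
]);

// Minimal Cookie header parser: "a=1; b=2" -> { a: "1", b: "2" }.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// The actual authorization decision: session must exist, be unexpired, and hold the role.
function requireSession(req, role) {
  const sid = parseCookies(req.headers.cookie).sid;
  const s = sid ? sessions.get(sid) : undefined;
  if (!s || s.expires <= Date.now()) return { ok: false, status: 401 };
  if (role && s.role !== role) return { ok: false, status: 403 };
  return { ok: true, session: s };
}

// Layer 1: middleware-style gate that redirects anonymous requests.
function middleware(req) {
  return requireSession(req).ok ? null : { status: 302, location: "/login" };
}

// Layer 2: the page re-checks next to the protected data and never assumes layer 1 ran.
function adminPage(req) {
  const auth = requireSession(req, "admin");
  if (!auth.ok) return { status: auth.status, body: "" };
  return { status: 200, body: `admin panel for ${auth.session.user}` };
}

// Dispatcher for the model; middlewareRan=false models the middleware layer being skipped.
function handle(req, { middlewareRan = true } = {}) {
  if (middlewareRan) {
    const redirect = middleware(req);
    if (redirect) return redirect;
  }
  return adminPage(req);
}
```

With the check in `adminPage`, skipping the middleware changes a redirect into a 401 instead of exposing the page; without it, the same request would return the admin panel.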