Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks – Source:thehackernews.com

March 24, 2025
Post Author / Publisher: The Hacker News

CISO2CISO post categories: Critical, Cyber Security News, rss-feed-post-generator-echo, The Hacker News

Rate this post

Source: thehackernews.com – Author: .

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
“Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in an

Original Post url: https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html

Category & Tags: –

Views: 2

CISO2CISO post categories: Critical, Cyber Security News, rss-feed-post-generator-echo, The Hacker News

How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole

How Much 10 Companies Paid...

Tushar Subhra Dutta

Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.

Top 10 Cyber Attack Maps...

Microsoft Zero Trust Maturity Model

Microsoft Zero Trust Maturity Model

US Deparment of Defense

DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense

DevSecOps Fundamentals Guidebook – Tools...

DevSecOps Guides – Comprehensive resource for integrating security into the software development by HADESS

DevSecOps Guides – Comprehensive resource...

Microsoft 365 and the NIST Cybersecurity Framework

Microsoft 365 and the NIST...

The 2024 CISO Burnout Report by Vendict

The 2024 CISO Burnout Report...

Mohammad Alkhudari

Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024

Cybersecurity Strong Strategy step by...

Marcos Jaimovich

The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.

The Silent Spectre Haunting Your...

Marcos Jaimovich

Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?

Goodbye to Traditional: Why Conventional...

Marcos Jaimovich

Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich

Why do we compare a...

Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio

Security Operations Center (SOC) –...

Retail Threat Landscape Report Q1-Q3 – November 2024 Summary by Cyberint a Check Point Company

Retail Threat Landscape Report Q1-Q3...

Protecting Critical Supply Chains – A Guide to Securing your Supply Chain Ecosystem

Protecting Critical Supply Chains –...

Time to Adapt – The State of Human Risk Management in 2024 by Culture AI.

Time to Adapt – The...

National Cyber Security Centre

Engaging with Boards to improve the management of cyber security risk.

Engaging with Boards to improve...

Microsoft Security

2024 State of Multicloud Security Report by Microsoft Security

2024 State of Multicloud Security...

Inside the Mind of a CISO 2024 The Evolving Roles of Security Leaders 2024 by bugcrowd

Inside the Mind of a...

Mohammad Alkhudari

Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024

Cybersecurity Strong Strategy step by...

CISO’s Playbookto Cloud Security by Lacework

CISO’s Playbookto Cloud Security by...

MITRE - Carson Zimmerman

Ten Strategies of a World-Class Cybersecurity Operations Center by MITRE

Ten Strategies of a World-Class...

SILVERFRONT - AIG

Identity Has Become the Prime Target of Threat Actors by Silverfort AIG.

Identity Has Become the Prime...

Enterprise Information Security

Enterprise Information Security

IGNITE Technologies

ENCRYPTED REVERSE

ENCRYPTED REVERSE

WORLD BANK GROUP

Global Cybersecurity Capacity Program

Global Cybersecurity Capacity Program

Getting started withsecurity metrics

Getting started withsecurity metrics

Generative AI and the EUDPR.

Generative AI and the EUDPR.

2024 Guide to Application Security Testing Tools

2024 Guide to Application Security Testing Tools

Hacker Culture

Quuensland Govermment

RISK ASSESSMENT PROCESS HANDBOOK

RISK ASSESSMENT PROCESS HANDBOOK

Ministry of MOS Security

HIPAA SIMPLIFIED

HIPAA SIMPLIFIED

How Are Passwords Cracked?

How Are Passwords Cracked?

CIS - Center for Internet Security

How to Plan a Cybersecurity Roadmap in Four Steps

How to Plan a Cybersecurity Roadmap in Four Steps

Information Security Manual

Information Security Manual

Incident Response Playbook: Dark Web Breaches

Incident Response Playbook: Dark Web Breaches

Endpoint Hardening Checklist

Endpoint Hardening Checklist

Important Active Directory Attribute

Important Active Directory Attribute

ISA GLOBAL CYBERSECURITY ALLIANCE

IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards

IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards

IAM Security CHECKLIST

IAM Security CHECKLIST

Hunt Evil

How to protect personal data and comply with regulations

How to protect personal data and comply with regulations

Threat Intelligence Platforms

Threat Intelligence Platforms

CSA Cloud Security Alliance

Hardware Security Module(HSM) as a Service

Hardware Security Module(HSM) as a Service

IGNITE Technologies

CREDENTIAL DUMPING FAKE SERVICES

CREDENTIAL DUMPING FAKE SERVICES

IGNITE Technologies

A Detailed Guide on Covenant

A Detailed Guide on Covenant

Computer Security Incident Handling Guide

Computer Security Incident Handling Guide

IGNITE Technologies

DIGITAL FORENSIC FTK IMAGER

DIGITAL FORENSIC FTK IMAGER

Cloud Security Assessment

Cloud Security Assessment

CISO Reporting Landscape 2024

CISO Reporting Landscape 2024

Reporting Cyber Risk to Boards

Reporting Cyber Risk to Boards

CIOB Artificial Intelligence (AI) Playbook 2024

CIOB Artificial Intelligence (AI) Playbook 2024

INCIBE & SPAIN GOVERNMENT

Nuevas normativas de 2024 de ciberseguridad para vehículos

Nuevas normativas de 2024 de ciberseguridad para vehículos