Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel). Vercel – the Cloud platform-as-a-Service company that develops the popular framework – has released security updates fixing it, and has advised users to upgrade as soon as possible. What is Next.js and how does CVE-2025-29927 manifest? Next.js … More → The post Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) appeared first on Help Net Security.
http://news.poseidon-us.com/TJjvZC

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

Like this:

Related

More Posts

Chainguard VMs reduces risk and engineering complexity

BrowserStack Private Devices helps organizations comply with stringent security requirements

Cyberhaven enhances Linea AI platform to improve data security

A CISO’s guide to securing AI models

Malwoverview: First response tool for threat hunting

How does your data end up on the dark web?

ISC Stormcast For Wednesday, March 26th, 2025 https://isc.sans.edu/podcastdetail/9380, (Wed, Mar 26th)

[Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest, (Wed, Mar 26th)

Microsoft unveils Microsoft Security Copilot agents and new protections for AI

These electronics-free robots can walk right off the 3D-printer

Share this:

Like this:

Related

More Posts