CVE-2025-29927

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

Published: Mar 21, 2025
Updated: Jun 30, 2025
CVE: CVE-2025-29927
GHSA: GHSA-f82v-jwr5-mffw
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-285

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
next	13.0.0	13.5.9
next	14.0.0	14.2.25
next	15.0.0	15.2.3
next	11.1.4	12.3.5

http://www.openwall.com/lists/oss-security/2025/03/23/3
http://www.openwall.com/lists/oss-security/2025/03/23/4
https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2
https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48
https://github.com/vercel/next.js/releases/tag/v12.3.5
https://github.com/vercel/next.js/releases/tag/v13.5.9
https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
https://security.netapp.com/advisory/ntap-20250328-0002
https://security.netapp.com/advisory/ntap-20250328-0002/
https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware

Vulnerability Database

289,697

CVE-2025-29927