CVE-2025-29927
Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests that contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.
Sebastian Kawelke detected CVE-2025-29927 with a risk of 4.55
System updated the risk assessment from 4.55 to 2.27
System recalculated raw risk assessment
Sebastian Kawelke fixed CVE-2025-29927
System updated the risk assessment from 2.27 to 4.55
System recalculated raw risk assessment
System detected CVE-2025-29927 with a risk of 4.55
System removed scanner: container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning
System removed scanner: container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning
System removed scanner: container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning
System removed scanner: container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning
Affected component
next