DevGuard Logo

🛡️ DevGuard
Group
/📚 DevGuard Documentation
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2025-29927

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

Open
HIGH (7.7)
  • logo

    System detected CVE-2025-29927 with a risk of 3.95

    0.1.0
  • logo

    System

    0.1.0
  • logo

    System

    0.1.0
  • logo

    System

    0.1.0
  • logo

    System

    0.1.0
  • logo

    System updated the risk assessment from 3.95 to 7.64

    0.1.0

    System recalculated raw risk assessment

  • logo

    System fixed CVE-2025-29927

    0.1.0
  • logo

    System detected CVE-2025-29927 with a risk of 7.65

    0.1.0

Add a comment

Mark as False Positive
Last calculated at:

Affected component

next

Installed version:
14.2.23
Fixed in:
14.2.25
Show in dependency graph

Quick Fix

Update all Dependencies
Update only next

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5