CVE-2025-29927

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

Open

HIGH (7.7)

T
Tim Bastin detected CVE-2025-29927 with a risk of 3.95
docu-update
System
docu-update
System detected CVE-2025-29927 with a risk of 3.95
update-gitlab-integration-dokument
System
update-gitlab-integration-dokument
System detected CVE-2025-29927 with a risk of 3.95
0.1.0
System
0.1.0
System detected CVE-2025-29927 with a risk of 3.95
main
System
docu-update
System
0.1.0
System
update-gitlab-integration-dokument
System
docu-update
System
update-gitlab-integration-dokument
System
0.1.0
System
docu-update
System
update-gitlab-integration-dokument
System
0.1.0
S
Sebastian Kawelke marked CVE-2025-29927 as false positive - component not present
main
Not installed anymore...
System updated the risk assessment from 3.95 to 7.64
0.1.0
System recalculated raw risk assessment
System updated the risk assessment from 3.95 to 7.64
update-gitlab-integration-dokument
System recalculated raw risk assessment
System updated the risk assessment from 3.95 to 7.64
docu-update
System recalculated raw risk assessment
System updated the risk assessment from 3.95 to 7.64
main
System recalculated raw risk assessment
System fixed CVE-2025-29927
0.1.0
System fixed CVE-2025-29927
update-gitlab-integration-dokument
System fixed CVE-2025-29927
docu-update
System fixed CVE-2025-29927
main
System detected CVE-2025-29927 with a risk of 7.65
0.1.0