Full Report
The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization. The post Researchers raise alarm about critical Next.js vulnerability appeared first on CyberScoop.
Analysis Summary
Here is the summary of the vulnerability based on the provided context:
# Vulnerability: Next.js Middleware Authorization Bypass
## CVE Details
- CVE ID: CVE-2025-29927
- CVSS Score: 9.1 (Critical)
- CWE: Improper Authentication (Inferred from description)
## Affected Systems
- Products: Next.js (Open-source JavaScript framework)
- Versions: Versions prior to 15.2.3
- Configurations: Applications utilizing `middleware` for authorization or security checks. Deployments outside of Vercel/Netlify environments may be at risk if not patched.
## Vulnerability Description
The vulnerability is an improper authentication defect present in the Next.js source code for several years. It allows an attacker to bypass security checks enforced via middleware by using a specially crafted token or piece of code to trick the system. The flaw can lead to unauthorized access to restricted parts of an application. Secondary impacts include Content Security Bypass and Denial-of-Service (DoS) cache poisoning.
## Exploitation
- Status: Researchers demonstrated capability, but Vercel is not aware of any active exploits in the wild.
- Complexity: Low (Implied by the description of using a "simple token or piece of code").
- Attack Vector: Network
## Impact
- Confidentiality: High (Bypass authorization to access restricted data/content)
- Integrity: High (Potential for content manipulation via DoS cache poisoning)
- Availability: High (Potential for Denial-of-Service via cache poisoning)
## Remediation
### Patches
- Next.js version **15.2.3** (Released March 18)
### Workarounds
- Immediate upgrade to the patched version is strongly recommended.
- Users on platforms like Vercel and Netlify were reportedly not affected by direct hosting issues.
## Detection
- Detection methods focus on monitoring ingress traffic for requests that appear to successfully access protected resources without proper authentication/authorization checks that should have been enforced by middleware.
- **Indicator of Compromise:** Unexpected access to restricted application endpoints shielded by middleware.
## References
- Vendor Advisory: hxxps://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
- Researcher Blog Post: hxxps://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
- Changelog mentioning protection: hxxps://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware
- Next.js Blog Post: hxxps://nextjs.org/blog/cve-2025-29927