Critical Next.js Middleware Vulnerability Let Attackers Gain Unauthorized Access

According to vulnerability researchers Rachid and Yasser Allam (inzo_), the vulnerability exploits a flaw in how Next.js middleware processes the x-middleware-subrequest header. This critical flaw affects authentication flows, authorization controls, path rewriting, and security header implementations across multiple Next.js versions, potentially exposing thousands of web applications to unauthorized access. Next.js middleware serves as a crucial component for implementing authentication checks, path rewriting, server-side redirects, and security headers such as Content Security Policy (CSP). When exploited, attackers can reach protected administrative interfaces, bypass authentication requirements, and even circumvent security headers such as CSP. The vulnerability affects a package with approximately 10 million weekly downloads, potentially compromising security across numerous production systems in critical sectors, including banking and blockchain applications. CVE-2025-29927 demonstrates how internal framework mechanisms can create significant security vulnerabilities, and it reminds us that seemingly minor implementation details in web frameworks can lead to significant security exposures when they are not properly validated against external manipulation.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
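As an added example (not code from the article or from the Next.js project), the following JavaScript flags inbound requests that carry the x-middleware-subrequest header named above, an internal Next.js header that ordinary clients have no reason to send, and strips it before the request reaches the application. The request objects, addresses and header values are constructed, and the list of protected path prefixes is an assumption.

```javascript
// Added example: detect and strip a client-supplied x-middleware-subrequest
// header at a proxy or WAF layer. Requests here are constructed samples.
const SUBREQUEST_HEADER = 'x-middleware-subrequest';
// Assumed set of routes that the middleware is expected to protect.
const PROTECTED_PREFIXES = ['/admin', '/dashboard', '/api/admin'];

// HTTP header names are case-insensitive, so compare on a lowercased copy.
function normalizeHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = value;
  }
  return out;
}

// Returns a finding for one request, or null when nothing is suspicious.
// Severity is raised when the request also targets a protected route.
function inspectRequest(req) {
  const headers = normalizeHeaders(req.headers);
  if (!(SUBREQUEST_HEADER in headers)) return null;
  const targetsProtected = PROTECTED_PREFIXES.some((p) => req.path.startsWith(p));
  return {
    path: req.path,
    source: req.remoteAddr,
    severity: targetsProtected ? 'high' : 'medium',
    reason: `external request carries ${SUBREQUEST_HEADER} (CVE-2025-29927 indicator)`,
  };
}

// Drops the header so the application only ever sees values it set itself.
function sanitizeRequest(req) {
  const headers = normalizeHeaders(req.headers);
  delete headers[SUBREQUEST_HEADER];
  return { ...req, headers };
}

// Runs the check over a batch of requests and returns only the findings.
function scanRequests(requests) {
  return requests.map(inspectRequest).filter((f) => f !== null);
}

// Constructed sample traffic (documentation addresses, placeholder values).
const SAMPLE_REQUESTS = [
  { remoteAddr: '203.0.113.10', path: '/admin/users',
    headers: { 'X-Middleware-Subrequest': 'placeholder', host: 'app.example' } },
  { remoteAddr: '198.51.100.7', path: '/', headers: { host: 'app.example' } },
  { remoteAddr: '203.0.113.22', path: '/blog',
    headers: { 'x-middleware-subrequest': 'placeholder', host: 'app.example' } },
];
```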

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 24 Mar 2025 07:45:04 +0000


Cyber News related to Critical Next.js Middleware Vulnerability Let Attackers Gain Unauthorized Access

CVE-2023-53649 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
Critical flaw in Next.js lets hackers bypass authorization - In Next.js, middleware components run before a request hits an application routing system and serve purposes like authentication, authorization, logging, error handling, redirecting users, applying geo-blocking or rate limits. If it ...
9 months ago Bleepingcomputer.com CVE-2025-29927
Kaspersky Unveils New Flagship Product Line for Business, Kaspersky Next - PRESS RELEASE. Woburn, MA - April 16, 2024 - Today Kaspersky introduced its new flagship product line, Kaspersky Next, combining robust endpoint protection with the transparency and speed of EDR, alongside the visibility and powerful tools of XDR. ...
1 year ago Darkreading.com
Guarding Kubernetes From the Threat Landscape - DZone - If compromised, attackers can exploit these broad permissions to manipulate deployments, introduce malicious code, gain unauthorized access to critical systems, steal sensitive data, or create backdoors for ongoing access. Part of the security ...
1 year ago Feeds.dzone.com
CVE-2017-3230 - Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 11.1.1.9, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows ...
6 years ago
CVE-2024-21191 - Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged ...
1 year ago Tenable.com
CVE-2020-14607 - Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker ...
5 years ago
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes - While each issue might not result in significant damage on its own, when combined they create an opportunity for an attacker who already has access to a Kubernetes cluster to escalate their privileges. If an attacker has the ability to execute in the ...
1 year ago Unit42.paloaltonetworks.com
CVE-2020-2614 - Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker ...
3 years ago
CVE-2021-2008 - Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). Supported versions that are affected are 11.1.1.9 and 12.2.1.3. Easily exploitable vulnerability allows ...
4 years ago
CVE-2020-14608 - Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network ...
5 years ago
CVE-2023-48309 - NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a ...
1 year ago
Oracle’s First Security Update for 2023 Includes 327 New Patches - Oracle has released its first security update of 2023, delivering 327 new security fixes and patching a range of critical vulnerabilities. This update covers products spanning across Oracle’s Cloud portfolio, Fusion Middleware, Hyperion, E-Business ...
2 years ago Securityweek.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
2 years ago Esecurityplanet.com
F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager - F5 on Wednesday announced patches for its BIG-IP Next Central Manager to address potentially dangerous vulnerabilities that experts say could allow attackers to take complete control of a device. Enterprise firmware and hardware security firm ...
1 year ago Securityweek.com CVE-2024-21793 CVE-2024-26026
CVE-2024-21192 - Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged ...
1 year ago Tenable.com
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - Threat actors have exploited a PHP CGI remote code execution (RCE) vulnerability, enabling unauthorized access and potential system compromise. Commvault patched a critical webserver vulnerability that could allow attackers to deploy malicious ...
9 months ago Cybersecuritynews.com CVE-2024-31317 BianLian Medusa
Weekly Cyber Security News Letter - Last Week's Top Cyber Attacks & Vulnerabilities - A critical vulnerability in Windows Defender Application Control (WDAC) has been uncovered, allowing attackers to bypass strict security policies using WinDbg Preview, a Microsoft Store app. A vulnerability in the FireEye EDR agent allows attackers ...
7 months ago Cybersecuritynews.com Hunters Akira
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 year ago Cyberdefensemagazine.com Akira
CVE-2022-48931 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs - Understanding and addressing vulnerabilities is critical in cybersecurity, where APIs serve as the backbone for seamless data exchange. Among the vulnerabilities highlighted, Broken Object Level Authorization stands out as a top priority and a major ...
1 year ago Imperva.com
2 Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts - Newly discovered vulnerabilities in F5 Networks' BIG-IP Next Central Manager could allow an attacker to gain full control over, and create hidden accounts inside of, any F5-brand assets. BIG-IP is the umbrella for F5's various software and hardware ...
1 year ago Darkreading.com
CVE-2025-30218 - Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all ...
8 months ago
CISA: Volt Typhoon had access to some U.S. targets for 5 years - U.S. government agencies issued another warning about the significant threat posed by a Chinese nation-state threat group to critical infrastructures, revealing attackers might have been lurking in victims' IT environments for several years. Last ...
1 year ago Techtarget.com CVE-2023-27997 Volt Typhoon