cve-2025-29927
Safeguard articles tagged "cve-2025-29927" — guides, analysis, and best practices for software supply chain and application security.
4 articles
CVE-2025-29927: inside the Next.js middleware auth bypass
A single spoofed header let attackers skip Next.js middleware entirely — CVSS 9.1, four major versions affected, exploited in the wild within days.
CVE-2025-29927: Next.js middleware authorization bypass
A spoofable internal header let attackers skip Next.js middleware outright, bypassing auth and route protection across many production deployments.
React Server Components RCE vulnerability advisory
CVE-2025-29927 lets attackers bypass Next.js middleware auth with a forged header — a chain that can escalate to full RCE on React Server Components apps.
Next.js Middleware Authorization Bypass: CVE-2025-29927
A critical flaw in Next.js allowed attackers to bypass middleware-based authorization by setting a single HTTP header. Applications relying on middleware for auth checks were completely exposed.