Description

A vulnerability in Next.js allows attackers to bypass middleware-based authorization checks by adding a specially crafted x-middleware-subrequest header to HTTP requests. This bypass completely circumvents middleware controls that are commonly used for implementing authorization, path rewriting, server-side redirects, and adding response headers such as Content Security Policy (CSP).

Remediation

Update to the latest patched version of Next.js (13.5.7+, 14.2.25+, or 15.2.3+). If immediate updating is not possible, implement additional layers of access control that don't rely solely on Next.js middleware, such as server-side validation of authentication tokens or implementing access controls at the API or database level.

References

Authorization Bypass in Next.js Middleware

Next.js and the corrupt middleware: the authorizing artifact

Related Vulnerabilities

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Security Bypass (1.0.27)

WordPress Plugin Photo Gallery-Image Gallery by Ape Security Bypass (2.0.6)

WordPress Plugin Mingle Forum SQL Injection and Security Bypass Vulnerabilities (1.0.26)

WordPress Plugin WM Simple Captcha Security Bypass (2.0.3)

Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.8.1)

Severity

High

Classification

CVE-2025-29927 CWE-285 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Authentication Bypass