A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
"Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html