Incorrect Authorization
CVE-2025-29927
Summary
Next.js is a React framework for building full-stack web applications. In 11.1.4 through 12.3.5, 13.x prior to 13.5.9, 14.x prior to 14.2.25, 14.3.0-canary.0 through 14.3.0-canary.87, 15.x prior to 15.2.3, and 15.3.0-canary.0 through 15.3.0-canary.11, it is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests that contain the "x-middleware-subrequest" header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-863 - Incorrect Authorization
Authorization is a security mechanism performed by an application to grant or deny access to the requested resources by verifying the privileges of the user. When an application lacks effective authorization mechanisms, it enables unauthorized users to gain unintended privileges and illegitimate access to resources. Such a vulnerability may result in exposure of sensitive information, denial of service, arbitrary code execution, and complete system takeover.
References
Advisory Timeline
- Published
