A critical auth bypass vulnerability (CVE-2025-29927) in Next.js allows attackers to skip middleware checks by manipulating the x-middleware-subrequest header in versions 11.1.4 through 15.x.
Managed hosts like Vercel were safe, but self-hosted apps using middleware for access control are at risk.
Upgrade to patched versions (13.5.6, 14.2.24, 15.2.2+) or implement auth checks directly in protected routes if immediate upgrade is not possible.
The vulnerability affects all versions of Next.js from 11.1.4 to just before the patched releases (13.5.6, 14.2.24, 15.2.2).
Attackers exploit the vulnerability by faking the x-middleware-subrequest header, enabling them to access protected routes in applications.
Next.js middleware runs between the incoming request and the route's response, and is commonly used for error handling, authentication, and authorization.
The x-middleware-subrequest header is manipulated by attackers to trick Next.js into bypassing security measures and accessing protected routes.
Apps hosted on Vercel, Netlify, or using Cloudflare with properly configured rules were automatically protected from the vulnerability.
To address the vulnerability, update Next.js to the latest version or add extra security checks within protected routes as a temporary measure.
Be wary of relying solely on HTTP headers for security decisions, as they can be easily manipulated by malicious actors.