Skip to content

Navigation Menu

• • GitHub Copilot

    Write better code with AI

  • Security

    Find and fix vulnerabilities

  • Actions

    Automate any workflow

  • Codespaces

    Instant dev environments

  • Issues

    Plan and track work

  • Code Review

    Manage code changes

  • Discussions

    Collaborate outside of code

  • Code Search

    Find more, search less

• Explore

  • Learning Pathways
  • Events & Webinars
  • Ebooks & Whitepapers
  • Customer Stories
  • Partners
  • Executive Insights

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles

• • Enterprise platform

    AI-powered developer platform

• Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

1. GitHub Advisory Database
2. GitHub Reviewed
3. CVE-2025-29927

Authorization Bypass in Next.js Middleware

Critical severity GitHub Reviewed Published Mar 21, 2025 in vercel/next.js • Updated Mar 21, 2025

Affected versions

>= 11.1.4, <= 13.5.6

>= 14.0, < 14.2.25

>= 15.0, < 15.2.3

Patched versions

14.2.25

15.2.3

Description

Impact

It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.

Patches

• For Next.js 15.x, this issue is fixed in 15.2.3
• For Next.js 14.x, this issue is fixed in 14.2.25
• For Next.js versions 11.1.4 thru 13.5.6, consult the below workaround.

Workaround

If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application.

Credits

• Allam Rachid (zhero;)
• Allam Yasser (inzo_)

References

• GHSA-f82v-jwr5-mffw
• vercel/next.js@52a078d
• vercel/next.js@5fd3ae8

Published to the GitHub Advisory Database

Mar 21, 2025

Last updated

Mar 21, 2025

EPSS score