The React framework Next.js contains a significant security vulnerability. It allows attackers to bypass authorization checks and thus compromise the web app. Updated packages that fix the weakness are available.
Over the weekend, the Next.js developers published a security notification with information about the vulnerability. According to it, Next.js uses the x-middleware-subrequest header to ensure that recursive requests do not trigger endless loops. A security report has shown that it was possible to skip the “middleware”, so that requests could bypass important checks such as the validation of authorization cookies and reach “routes” directly (CVE-2025-29927, CVSS 9.1, risk “Serious”).
Next.js: affected environment
Self-hosted applications that use “middleware” are vulnerable. The Next.js developers add: those run with “next start” in the “standalone” variant. In addition, those who rely on “middleware” for authentication or for security checks in the app are affected. However, deployments on Vercel or Netlify, and apps that are deployed as static exports and do not run “middleware”, are not vulnerable.
Next.js versions 15.2.3, 14.2.5, 13.5.9 and 12.3.5 fix the security-related errors. If patching to a safe version is not possible, administrators must stop user requests that contain x-middleware-subrequest from reaching the Next.js app. Apps using Cloudflare can activate a managed Web Application Firewall (WAF) rule, according to the Next.js developers.
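The workaround described above, as an added example that is not from the Next.js project or the original article: a wrapper for a custom Node.js server that rejects any request carrying x-middleware-subrequest before the app handles it. The function names, the 400 response and the log callback are assumptions; only the header name comes from the article.

```javascript
// Header name taken from the article; all other names here are hypothetical.
const BLOCKED_HEADER = "x-middleware-subrequest";

// True if the header object contains the internal header under any casing.
// Node lowercases names in req.headers, but objects built by proxies or
// test harnesses may not, so the comparison is case-insensitive.
function hasSubrequestHeader(headers) {
  return Object.keys(headers || {}).some(
    (name) => name.trim().toLowerCase() === BLOCKED_HEADER
  );
}

// Wraps any (req, res) listener, e.g. the one passed to http.createServer().
// The header's presence alone is enough to reject: external clients have no
// legitimate reason to send it, so its value is not inspected.
function guardSubrequestHeader(appHandler, log = () => {}) {
  return function guarded(req, res) {
    if (hasSubrequestHeader(req.headers)) {
      // Record the attempt so it can be alerted on or correlated later.
      log({
        event: "blocked-internal-header",
        header: BLOCKED_HEADER,
        url: req.url,
        remote: req.socket?.remoteAddress,
      });
      res.statusCode = 400;
      res.setHeader("Content-Type", "text/plain");
      res.end("Bad Request");
      return false; // request never reached the app
    }
    appHandler(req, res);
    return true; // request was passed through unchanged
  };
}
```

The same rule belongs at the outermost hop that terminates client connections (reverse proxy or load balancer), so the app is never reachable around the guard.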
For the upgrade process, the developers have collected instructions and information intended to support IT managers. Since the vulnerability is classified as a significant risk, the update should be carried out quickly.
(DMK)