This critical vulnerability allowed attackers to bypass authentication implemented in the middleware layer. With the popularity of this framework on the internet and within our customers' attack surfaces, our Security Research team took a deeper look at the issue.
Explore the critical CVE-2025-29927 vulnerability in Next.js middleware, enabling attackers to bypass authorization checks and gain unauthorized access.
