vercel next.js: CVE-2025-29927: (Improper Authorization)
Description
Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. This check is exploit based and as a result runs a get request against a series of URIs (/admin, /dashboard, /settings, /account, /profile) and checks for a redirect request (response code 307) that would suggest a login is required. We then attempt to use the x-middleware-subrequest to bypass this login requirement which can be observed in the request returning a 200 response code.
Solution(s)
- vercel-next-js-cve-2025-29927
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center
