Authorization Bypass Vulnerability in Vercel Next.js: CVE-2025-29927
It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.
- For Next.js 15.x, this issue is fixed in
15.2.3 - For Next.js 14.x, this issue is fixed in
14.2.25 - For Next.js versions
11.1.4thru13.5.6we recommend consulting the below workaround.