Next.js Middleware - Authorisation Bypass (CVE-2025-29927)
- Dee Sehejpal BSc (HONS)
- Mar 28
- 1 min read

Application Details
Vercel Next.js is a React framework for building full-stack web applications.
Vulnerability
Next.js could allow a remote attacker to bypass authorisation checks when an application performs those checks in middleware, because of a flaw in how the framework decides whether to run middleware for a request.
Identification
Next.js uses an internal header, "x-middleware-subrequest", to prevent recursive requests from triggering infinite loops. It was possible for an external request carrying this header to skip running the middleware entirely, so the request could bypass critical checks, such as authorisation cookie validation, before reaching the route handler.
GET /dashboard/team/admin
x-middleware-subrequest: pages/_middleware
Detection
By turning this request into a traffic file and a matching rule, we are able to detect attempts to bypass authorisation checks.
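As an added illustration of the detection approach described above (example code written for this page, not part of the original post and not Idappcom's own signature), the inspector below parses raw HTTP/1.1 requests and flags any request that carries the internal x-middleware-subrequest header. The sample requests are constructed; the host name and cookie values are placeholders.

```python
# Added example: flag externally supplied x-middleware-subrequest headers
# in raw HTTP/1.1 requests. All sample traffic below is constructed for
# illustration and is not taken from real captures.

HEADER_NAME = b"x-middleware-subrequest"


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (request_line, headers).

    Header names are lower-cased because HTTP header names are
    case-insensitive; a rule that only matched the exact spelling from the
    advisory would miss the same header written in a different case.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("ascii", "replace")
    headers = {}
    for line in lines[1:]:
        if b":" not in line:
            continue
        name, value = line.split(b":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return request_line, headers


def inspect_request(raw: bytes) -> dict:
    """Return a finding for one request; 'alert' is True when the header is present.

    The header is meant to be set only by Next.js on its own internal
    sub-requests, so any value arriving from a client is suspicious and the
    value itself is recorded for the analyst rather than matched exactly.
    """
    request_line, headers = parse_request(raw)
    values = headers.get(HEADER_NAME, [])
    return {
        "request": request_line,
        "alert": bool(values),
        "header_values": [v.decode("ascii", "replace") for v in values],
    }


# Constructed samples: a benign request, the request from the advisory, and
# the same header with a mixed-case name to exercise case handling.
SAMPLES = [
    b"GET /dashboard/team/admin HTTP/1.1\r\nHost: app.example\r\n"
    b"Cookie: session=placeholder\r\n\r\n",
    b"GET /dashboard/team/admin HTTP/1.1\r\nHost: app.example\r\n"
    b"x-middleware-subrequest: pages/_middleware\r\n\r\n",
    b"GET /dashboard/team/admin HTTP/1.1\r\nHost: app.example\r\n"
    b"X-Middleware-SubRequest: pages/_middleware\r\n\r\n",
]


def scan(samples=SAMPLES):
    """Inspect every sample and return the list of findings."""
    return [inspect_request(s) for s in samples]


if __name__ == "__main__":
    for finding in scan():
        status = "ALERT" if finding["alert"] else "ok   "
        print(f"{status} {finding['request']} {finding['header_values']}")
```

The same logic belongs at the edge as a mitigation, not only as a detection: a reverse proxy or WAF in front of the application should strip or block this header on requests from outside, since no legitimate client ever sets it, and the application itself should be upgraded to a fixed Next.js release.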
Coverage
Idappcom has created signature 8025825 along with a traffic file for this vulnerability.
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional