CVE-2025-29927

🗓️ 21 Mar 2025 15:15:42Reported by [email protected]Type

Next.js versions before 14.2.25 and 15.2.3 allow bypassing authorization checks in middleware.

Reporter	Title	Published	Views	Family All 116
GithubExploit	Exploit for Server-Side Request Forgery in Microsoft	9 Jun 202506:46	–	githubexploit
GithubExploit	Exploit for CVE-2025-29927	28 Apr 202511:14	–	githubexploit
GithubExploit	Exploit for CVE-2025-29927	24 Mar 202513:27	–	githubexploit
GithubExploit	Exploit for CVE-2025-29927	25 Apr 202508:51	–	githubexploit
GithubExploit	Exploit for CVE-2025-29927	27 Mar 202511:48	–	githubexploit
GithubExploit	Exploit for CVE-2025-29927	23 Mar 202519:41	–	githubexploit
GithubExploit	Exploit for CVE-2025-29927	25 Mar 202510:30	–	githubexploit
GithubExploit	Exploit for CVE-2025-29927	23 Mar 202521:42	–	githubexploit
GithubExploit	Exploit for CVE-2025-29927	28 Aug 202506:55	–	githubexploit
GithubExploit	Exploit for CVE-2025-29927	23 Apr 202508:19	–	githubexploit

NVD

Node

vercel next.jsRange11.1.4–12.3.5node.js

vercel next.jsRange13.0.0–13.5.9node.js

vercel next.jsRange14.0.0–14.2.25node.js

vercel next.jsRange15.0.0–15.2.3node.js

Source	Link
github	www.github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2
security	www.security.netapp.com/advisory/ntap-20250328-0002/
openwall	www.openwall.com/lists/oss-security/2025/03/23/3
github	www.github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48
github	www.github.com/vercel/next.js/releases/tag/v13.5.9
openwall	www.openwall.com/lists/oss-security/2025/03/23/4
github	www.github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
github	www.github.com/vercel/next.js/releases/tag/v12.3.5

17 Jun 2026 09:05Current

CVSS 3.19.1

EPSS0.93247