2 matches found
The vulnerability of the Next.js software platform for creating web applications lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Next.js web application development software platform is related to the transfer of the x-middleware-subrequest-id parameter to external hosts. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2025-30218
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...