Next.js Under Siege as CVE-2025-29927 Opens the Floodgates for Attackers

Red | Vulnerability Report

A newly discovered vulnerability, CVE-2025-29927, has shaken the foundations of Next.js middleware, leaving millions of applications exposed. This flaw grants attackers the power to bypass security controls using nothing more than a manipulated HTTP header. Given Next.js’s widespread adoption, the potential damage is vast. From unauthorized access to malicious content injection, the consequences are severe. Organizations relying on Next.js are urged to act swiftly; in the face of such a simple yet devastating exploit, every second counts.
