Next.js Middleware Authentication Bypass Vulnerability (CVE-2025-29927)

Next.js middleware plays a key role in securing applications by enforcing authentication, managing access control, and applying security headers. However, a newly discovered vulnerability, CVE-2025-29927, allows attackers to bypass these protections entirely using a manipulated HTTP header.

Affected Versions

This flaw affects the following versions:

The Core Issue

Next.js prevents infinite middleware loops by tracking […]