Next.js Archives | Cycognito

Emerging Threat: Next.js CVE-2025-29927

Product Marketing Manager
March 27, 2025

CVE-2025-29927 is a critical authorization vulnerability (CVSS 9.1) in self-hosted Next.js applications using middleware, allowing attackers to bypass security checks with a crafted x-middleware-subrequest header. It affects versions 11.1.5 to 15.2.2, with patches available in newer releases. While there are no active exploits reported as of March 27, 2025, CyCognito has issued guidance to help organizations assess and mitigate exposure.

See Exactly What Attackers See

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.

© Copyright 2025 CyCognito

CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure.

Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. Based in Palo Alto, CyCognito serves a number of large enterprises and Fortune 500 organizations, including Colgate-Palmolive, Tesco and many others.

For more information, follow us on Twitter @cycognito.

Company Leadership Team Careers Privacy and Trust News Press Releases Media Coverage Events Awards Partners Partner Program Resellers, MSPs & SIs Technology Alliance Partners Become a Partner Partner Login Schedule a Demo Get a Free Scan

CyCognito Blog

Posts tagged ‘Next.js’

Research

Emerging Threat: Next.js CVE-2025-29927

By Emma Zaballos

Product Marketing Manager
March 27, 2025

Topics

Search the Blog

Featured Posts

A New Framework: Understanding Exposure Management

By Emma Zaballos
November 11, 2024

Six Signs that Exposure Management is Right for Your Organization

By Jason Pappalexis
October 14, 2024

Think your attack surface is covered? Let’s look at the math.

By Jason Pappalexis
September 30, 2024

Defensive Playbook: Understanding New Trends in External Risk with CyCognito’s State of External Exposure Management Report

By Emma Zaballos
September 23, 2024

Web Application Security Testing: Struggles, Shortfalls and Solutions

By Graham Rance
June 3, 2024

Top Tags

CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

© Copyright 2025 CyCognito

CyCognito Blog

Posts tagged ‘Next.js’

By Emma Zaballos

Product Marketing Manager March 27, 2025

Topics

Search the Blog

Featured Posts

By Emma ZaballosNovember 11, 2024

By Jason PappalexisOctober 14, 2024

By Jason PappalexisSeptember 30, 2024

By Emma ZaballosSeptember 23, 2024

By Graham RanceJune 3, 2024

Top Tags

CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Request a Free Scan

See Exactly What Attackers See

© Copyright 2025 CyCognito

Product Marketing Manager
March 27, 2025

By Emma Zaballos
November 11, 2024

By Jason Pappalexis
October 14, 2024

By Jason Pappalexis
September 30, 2024

By Emma Zaballos
September 23, 2024

By Graham Rance
June 3, 2024