{"id":1434,"date":"2025-03-27T10:38:15","date_gmt":"2025-03-27T17:38:15","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=1434"},"modified":"2025-03-27T10:38:16","modified_gmt":"2025-03-27T17:38:16","slug":"emerging-threat-next-js-cve-2025-29927","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/","title":{"rendered":"Emerging Threat: Next.js CVE-2025-29927"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">What is CVE-2025-29927?&nbsp;<\/h2>\n\n\n\n<p>A critical improper authorization vulnerability (CVSS 9.1) in Next.js, tracked as <a href=\"https:\/\/nextjs.org\/blog\/cve-2025-29927\">CVE-2025-29927<\/a>, was publicly disclosed on March 21, 2025. Next.js is a popular React-based web framework used for building full-stack applications.&nbsp;<\/p>\n\n\n\n<p>This vulnerability impacts applications that utilize middleware for authorization checks. Middleware functions used to implement access control, session validation, redirects, or security headers on incoming HTTP requests. Unfortunately, this vulnerability allows attackers to slip past these critical security checks and this vulnerability allows unauthenticated attackers to circumvent these protections by sending a specially crafted <em>x-middleware-subrequest <\/em>header.<\/p>\n\n\n\n<p>Next.js utilizes the<em> x-middleware-subrequest<\/em> header internally to prevent infinite loops that can be caused by recursive requests. The vulnerability exploits process to skip critical checks. Successful exploitation could lead to unauthorized access to restricted pages or APIs, depending on how the application is structured. This technique, despite its simplicity, is quite powerful and allows threat actors to perform unauthorized actions and gain access to protected routes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What assets are affected by CVE-2025-29927?&nbsp;<\/h2>\n\n\n\n<p>This vulnerability affects Next.js versions<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Next.js 11: 11.1.5 through 12.3.4<\/li>\n\n\n\n<li>Next.js 13: 13.0.0 through 13.5.8<\/li>\n\n\n\n<li>Next.js 14: 14.0.1 through 14.2.24<\/li>\n\n\n\n<li>Next.js 15: 15.0.1 through 15.2.2<\/li>\n<\/ul>\n\n\n\n<p>While all of the above versions are vulnerable, the mechanics of the exploit differ slightly between legacy versions(pre-12.2) and modern versions (12.2 and later versions). Legacy versions are vulnerable when the header is set to<br><em>x-middleware-subrequest: pages\/_middleware<\/em>, while modern setups are exploited using repetitive patterns like <em>x-middleware-subrequest: middleware:middleware:middleware\u2026<\/em> or <em>src\/middleware:\u2026 <\/em>if using a source directory structure).&nbsp;<\/p>\n\n\n\n<p>This vulnerability only affects self-hosted Next.js applications using Middleware for authentication or security checks that are not validated later in the application.&nbsp;<\/p>\n\n\n\n<p>Applications hosted on Vercel, Netlify, and applications deployed as static exports (that do not execute Middleware) are not affected by CVE-2025-29927.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Are fixes available?&nbsp;<\/h2>\n\n\n\n<p>The vendor recommends upgrading to Next.js version 15.2.3.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For Next.js 15.x, this issue is fixed in 15.2.3<\/li>\n\n\n\n<li>For Next.js 14.x, this issue is fixed in 14.2.25<\/li>\n\n\n\n<li>For Next.js 13.x, this issue is fixed in 13.5.9<\/li>\n\n\n\n<li>For Next.js 12.x, this issue is fixed in 12.3.5\u00a0<\/li>\n\n\n\n<li>For Next.js 11.x, this issue is fixed in 12.3.5<\/li>\n<\/ul>\n\n\n\n<p>Backported patches are also available. Next.js also identified self-hosted Next.js deployments using next start and output: &#8216;standalone&#8217; as the highest priority for patching and upgrading.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Are there any other recommended actions to take?&nbsp;<\/h2>\n\n\n\n<p>If patching to a secure version is not possible, it is advised to block external user requests that include the x-middleware-subrequest header from reaching your Next.js application. Applications that use Cloudflare can enable a <a href=\"https:\/\/developers.cloudflare.com\/changelog\/2025-03-22-next-js-vulnerability-waf\/\">managed WAF<\/a> rule to do this.<\/p>\n\n\n\n<p>Next.js also recommends validating that your applications do not rely solely on middleware to handle critical authentication and authorization logic.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Is CVE-2025-29927 being actively exploited?&nbsp;<\/h2>\n\n\n\n<p>As of March 27th, 2025, there are no reports of this vulnerability being actively exploited in the wild. However, Next.jw is widely used, with over 10 million downloads weekly.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How is CyCognito helping customers identify assets vulnerable to CVE-2025-29927?&nbsp;<\/h2>\n\n\n\n<p>CyCognito published an emerging threat advisory within the CyCognito platform on March 27th and is researching detection capabilities for this vulnerability. CyCognito advises customers to check assets running next.js services to evaluate their exposure, even if they are not explicitly identified as running vulnerable versions.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1280\" height=\"742\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9-1280x742.webp\" alt=\"\" class=\"wp-image-1435\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9-1280x742.webp 1280w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9-512x297.webp 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9-768x445.webp 768w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9-1536x891.webp 1536w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9.webp 1914w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><\/figure>\n\n\n\n<p class=\"caption\">Figure 1: The alert sent by CyCognito for CVE-2025-29927<\/p>\n\n\n\n<p>Check out CyCognito\u2019s <a href=\"https:\/\/www.cycognito.com\/emerging-threats\/\">Emerging Threats<\/a> page for more information on potentially relevant vulnerabilities.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How can CyCognito help your organization?&nbsp;<\/h2>\n\n\n\n<p>CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive <a href=\"https:\/\/app.getreprise.com\/launch\/V6Waa5X\">dashboard product tour<\/a>. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our <a href=\"https:\/\/www.cycognito.com\/contact\/\">Contact Us page<\/a> to schedule a demo.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE-2025-29927 is a critical authorization vulnerability (CVSS 9.1) in self-hosted Next.js applications using middleware, allowing attackers to bypass security checks with a crafted x-middleware-subrequest header. It affects versions 11.1.5 to 15.2.2, with patches available in newer releases. While there are no active exploits reported as of March 27, 2025, CyCognito has issued guidance to help organizations assess and mitigate exposure.   <\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[58,231,230,232,57],"class_list":["post-1434","post","type-post","status-publish","format-standard","hentry","category-research","tag-cve","tag-improper-authorization","tag-next-js","tag-unauthorized-access","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Emerging Threat: Next.js CVE-2025-29927 | CyCognito Blog<\/title>\n<meta name=\"description\" content=\"CVE-2025-29927 is a critical Next.js flaw allowing middleware authentication bypass. CyCognito published an emerging threat advisory for this issue.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emerging Threat: Next.js CVE-2025-29927\" \/>\n<meta property=\"og:description\" content=\"CVE-2025-29927 is a critical Next.js flaw allowing middleware authentication bypass. CyCognito published an emerging threat advisory for this issue.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-27T17:38:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-27T17:38:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/banner-blog-2025-03-27-2400x1256-email.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"1256\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Emma Zaballos\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Emma Zaballos\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/\"},\"author\":{\"name\":\"Emma Zaballos\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58\"},\"headline\":\"Emerging Threat: Next.js CVE-2025-29927\",\"datePublished\":\"2025-03-27T17:38:15+00:00\",\"dateModified\":\"2025-03-27T17:38:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/\"},\"wordCount\":688,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9-1280x742.webp\",\"keywords\":[\"CVE\",\"Improper Authorization\",\"Next.js\",\"Unauthorized Access\",\"Vulnerability\"],\"articleSection\":[\"Research\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/\",\"name\":\"Emerging Threat: Next.js CVE-2025-29927 | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9-1280x742.webp\",\"datePublished\":\"2025-03-27T17:38:15+00:00\",\"dateModified\":\"2025-03-27T17:38:16+00:00\",\"description\":\"CVE-2025-29927 is a critical Next.js flaw allowing middleware authentication bypass. CyCognito published an emerging threat advisory for this issue.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#primaryimage\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9.webp\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9.webp\",\"width\":1914,\"height\":1110},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Emerging Threat: Next.js CVE-2025-29927\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58\",\"name\":\"Emma Zaballos\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g\",\"caption\":\"Emma Zaballos\"},\"description\":\"Product Marketing Manager\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/emma-zaballos\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Emerging Threat: Next.js CVE-2025-29927 | CyCognito Blog","description":"CVE-2025-29927 is a critical Next.js flaw allowing middleware authentication bypass. CyCognito published an emerging threat advisory for this issue.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/","og_locale":"en_US","og_type":"article","og_title":"Emerging Threat: Next.js CVE-2025-29927","og_description":"CVE-2025-29927 is a critical Next.js flaw allowing middleware authentication bypass. CyCognito published an emerging threat advisory for this issue.","og_url":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/","og_site_name":"CyCognito Blog","article_published_time":"2025-03-27T17:38:15+00:00","article_modified_time":"2025-03-27T17:38:16+00:00","og_image":[{"width":2400,"height":1256,"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/banner-blog-2025-03-27-2400x1256-email.png","type":"image\/png"}],"author":"Emma Zaballos","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Emma Zaballos","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/"},"author":{"name":"Emma Zaballos","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58"},"headline":"Emerging Threat: Next.js CVE-2025-29927","datePublished":"2025-03-27T17:38:15+00:00","dateModified":"2025-03-27T17:38:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/"},"wordCount":688,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9-1280x742.webp","keywords":["CVE","Improper Authorization","Next.js","Unauthorized Access","Vulnerability"],"articleSection":["Research"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/","url":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/","name":"Emerging Threat: Next.js CVE-2025-29927 | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9-1280x742.webp","datePublished":"2025-03-27T17:38:15+00:00","dateModified":"2025-03-27T17:38:16+00:00","description":"CVE-2025-29927 is a critical Next.js flaw allowing middleware authentication bypass. CyCognito published an emerging threat advisory for this issue.","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#primaryimage","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9.webp","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-9.webp","width":1914,"height":1110},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-next-js-cve-2025-29927\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Emerging Threat: Next.js CVE-2025-29927"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58","name":"Emma Zaballos","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g","caption":"Emma Zaballos"},"description":"Product Marketing Manager","url":"https:\/\/www.cycognito.com\/blog\/author\/emma-zaballos\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1434","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=1434"}],"version-history":[{"count":1,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1434\/revisions"}],"predecessor-version":[{"id":1436,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1434\/revisions\/1436"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=1434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=1434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=1434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}