CVE-2025-29927
CVE-2025-29927
Título es
CVE-2025-29927
Vie, 21/03/2025 – 15:15
Tipo
CWE-285
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-29927
Descripción en
Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.
21/03/2025
21/03/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
9.10
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL
Enviar en el boletín
Off
