@hackingne.ws on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Hacking News

hackingne.ws

did:plc:ys7v4hnzbd6un77f2olsx2q3

Critical Next.js vulnerability (CVE-2025-29927), CVSS score 9.1, allows bypass of middleware authorization checks. Affects versions before 12.3.5, 13.5.9, 14.2.25, and 15.2.3. Attackers can access unauthorized resources. Update or mitigate by blocking `x-middleware-subrequest` header.

2025-03-24T10:58:02.046Z