TechRadar

Critical security flaw in Next.js could spell big trouble for JavaScript users

Researchers spot critical vulnerability in Next.js If authorizations happen in middleware, they could be bypassed in older versions A patch, and a temporary workaround, are both available, so update ...
Bleeping Computer

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025 ...