Protection against Next.js CVE-2025-29927 - Vercel – Vercel
Aaron Brown
·
2025-03-22
·
via Vercel News
Aaron BrownHead of Security
A security vulnerability in Next.js was responsibly disclosed, which allows malicious actors to bypass authorization in Middleware when targeting the x-middleware-subrequest header.
Vercel customers are not affected. We still recommend updating to the patched versions. Learn more about CVE-2025-29927.
Ready to deploy? Start building with a free account. Speak to an expert for your Pro or Enterprise needs.
Explore Vercel Enterprise with an interactive product tour, trial, or a personalized demo.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。