It is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware.
Patched (safe) versions:
15.2.3
14.2.25
13.5.9
12.3.5
Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability.
If patching to a safe version is infeasible, it is recommended that you prevent external user requests that contain the x-middleware-subrequest header from reaching your Next.js application.
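One way to apply that mitigation in front of the application, as an added example that is not from the advisory or the Next.js project: a small Node guard that wraps a custom server's request handler (or a Node-based reverse proxy) and rejects and logs any external request carrying the header, so it never reaches Next.js middleware. The header name comes from the advisory; the function names, the 403 response and the sample requests are assumptions.

```javascript
// Added example (not from the advisory): a guard for a custom Node server or
// Node reverse proxy in front of a Next.js app. Requests that carry the
// x-middleware-subrequest header are rejected before they reach the app.
// The header name is taken from the advisory; everything else is assumed.

const FORBIDDEN_HEADER = "x-middleware-subrequest";

// Header names are case-insensitive (RFC 9110), so normalise before comparing.
// Accepts a plain object (as Node's IncomingMessage.headers) or a flat
// [name, value, name, value, ...] array (as IncomingMessage.rawHeaders).
function hasForbiddenHeader(headers) {
  const names = Array.isArray(headers)
    ? headers.filter((_, i) => i % 2 === 0) // even indexes are header names
    : Object.keys(headers);
  return names.some((name) => name.toLowerCase() === FORBIDDEN_HEADER);
}

// Wraps an existing (req, res) handler. A request with the header is answered
// with 403 and logged (so attempts are visible to monitoring) and the wrapped
// handler is never called; any other request passes straight through.
// Returns true when the request was blocked, false when it was passed on.
function withSubrequestHeaderGuard(handler, log = console.warn) {
  return (req, res) => {
    if (hasForbiddenHeader(req.headers)) {
      const source = req.socket?.remoteAddress ?? "unknown";
      log(`blocked request from ${source} to ${req.url}: carries ${FORBIDDEN_HEADER}`);
      res.statusCode = 403;
      res.setHeader("Content-Type", "text/plain");
      res.end("Forbidden");
      return true;
    }
    handler(req, res);
    return false;
  };
}

// Usage with a custom Next.js server (commented so this file runs stand-alone):
// const http = require("http");
// const next = require("next");
// const app = next({ dev: false });
// const handle = app.getRequestHandler();
// app.prepare().then(() => {
//   http.createServer(withSubrequestHeaderGuard((req, res) => handle(req, res)))
//     .listen(3000);
// });
```

Blocking at the edge complements, rather than replaces, upgrading to a patched version.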
Severity: CRITICAL. Weakness: CWE-285 (Improper Authorization). GitHub reviewed: 2025-03-21T15:20:12Z. NVD published: 2025-03-21T15:15:42Z.