## https://sploitus.com/exploit?id=6C670C0C-8FA1-5BFE-85B4-6F057D96607D
# CVE-2025-29927: Authorization Bypass in Next.js Middleware
A critical vulnerability in Next.js (CVE-2025-29927) allows unauthorized access to protected routes by bypassing the middleware logic. The issue affects Next.js versions 11.1.4 to 13.5.6, and versions 14.x < 14.2.25 or 15.x < 15.2.3. To mitigate, upgrade to the latest fixed versions (14.2.25+ or 15.2.3+), or apply a firewall rule to block the `x-middleware-subrequest` header.
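The two checks described above, as an added example that is not code from the Next.js project or from this advisory: a triage function for the affected version ranges listed here, and a wrapper that rejects inbound requests carrying `x-middleware-subrequest` before they reach the application. The function names (`isAffected`, `carriesBlockedHeader`, `guard`), the 403 response, and ignoring pre-release suffixes when parsing versions are assumptions made for illustration.

```javascript
// Added example: version triage plus a header block for CVE-2025-29927.
// All function names here are hypothetical, not part of Next.js.
const BLOCKED_HEADER = 'x-middleware-subrequest'; // header named in the advisory

// Parse "major.minor.patch" into numbers. Assumption: pre-release and
// build suffixes (e.g. "-canary.1") are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way compare of two [major, minor, patch] arrays.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Affected ranges exactly as stated on this page.
function isAffected(version) {
  const v = parseVersion(version);
  if (cmp(v, [11, 1, 4]) >= 0 && cmp(v, [13, 5, 6]) <= 0) return true;
  if (v[0] === 14) return cmp(v, [14, 2, 25]) < 0;
  if (v[0] === 15) return cmp(v, [15, 2, 3]) < 0;
  return false;
}

// True when the header is present under any letter casing.
function carriesBlockedHeader(headers) {
  return Object.keys(headers).some((k) => k.toLowerCase() === BLOCKED_HEADER);
}

// Wrap a Node-style (req, res) handler so flagged requests are refused
// with 403 and never reach the wrapped application.
function guard(handler) {
  return (req, res) => {
    if (carriesBlockedHeader(req.headers)) {
      res.writeHead(403, { 'content-type': 'text/plain' });
      return res.end('forbidden\n');
    }
    return handler(req, res);
  };
}
```

The same rule belongs at whatever proxy or edge tier sits in front of the application; the wrapper only shows the logic for a deployment that cannot be upgraded immediately.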