CVE-2025-29927

{"id": "CVE-2025-29927", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-03-21T15:15:42.660", "references": [{"url": "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vercel/next.js/releases/tag/v12.3.5", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vercel/next.js/releases/tag/v13.5.9", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "http://www.openwall.com/lists/oss-security/2025/03/23/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2025/03/23/4", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250328-0002/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3."}, {"lang": "es", "value": "Next.js es un framework de React para crear aplicaciones web full-stack. En versiones anteriores a la 14.2.25 y la 15.2.3, era posible omitir las comprobaciones de autorizaci\u00f3n dentro de una aplicaci\u00f3n Next.js si esta se realizaba en middleware. Si no es posible aplicar una versi\u00f3n segura, se recomienda evitar que las solicitudes de usuarios externos que contengan el encabezado \"x-middleware-subrequest\" lleguen a la aplicaci\u00f3n Next.js. Esta vulnerabilidad se corrigi\u00f3 en las versiones 14.2.25 y 15.2.3."}], "lastModified": "2025-09-10T15:49:40.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "6D275D05-70E5-49CA-BCFE-74B31DB3D8EF", "versionEndExcluding": "12.3.5", "versionStartIncluding": "11.1.4"}, {"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "49731FD6-617A-42DE-9F95-A7F42809C32F", "versionEndExcluding": "13.5.9", "versionStartIncluding": "13.0.0"}, {"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "5F836D0E-1580-40C6-93E5-6DB939E7BA86", "versionEndExcluding": "14.2.25", "versionStartIncluding": "14.0.0"}, {"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "E214D84F-7B55-4089-B1C4-9BF8B7AC7375", "versionEndExcluding": "15.2.3", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}