Vulnerability affecting Next.js web development framework

News Cybersecurity Guidance

Date: 28th Mar, 2025 Source: National Cyber Security Centre (NCSC) Country: United Kingdom Original Source

Brief

On "28/03/2025", the "Next.js" issued an update regarding "Vulnerability affecting Next.js web development framework". An authorisation bypass vulnerability was discovered, allowing attackers to send external requests that would be treated as internal requests, thereby bypassing security checks and granting unauthorised access to sensitive data. Proof-of-concept exploits for this vulnerability are freely available, posing a significant risk to users of the popular React-based web development framework.

This content is restricted.

Highlights content goes here...

This content is restricted.

National Cyber Security Centre (NCSC)

RADA.AI

Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?

Suggested

Vulnerability affecting Next.js web development framework

Brief

National Cyber Security Centre (NCSC)

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Enter your Email

Verify Email

Tell us more about yourself

Select your work area

Select your country

All set.

Vulnerability affecting Next.js web development framework

Brief

National Cyber Security Centre (NCSC)

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Enter your Email

Verify OTP

Enter your Email

Verify Email

Tell us more about yourself

Select your work area

Select your country

All set.