{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T20:07:21.427","vulnerabilities":[{"cve":{"id":"CVE-2025-29927","sourceIdentifier":"security-advisories@github.com","published":"2025-03-21T15:15:42.660","lastModified":"2025-09-10T15:49:40.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3."},{"lang":"es","value":"Next.js es un framework de React para crear aplicaciones web full-stack. En versiones anteriores a la 14.2.25 y la 15.2.3, era posible omitir las comprobaciones de autorización dentro de una aplicación Next.js si esta se realizaba en middleware. Si no es posible aplicar una versión segura, se recomienda evitar que las solicitudes de usuarios externos que contengan el encabezado \"x-middleware-subrequest\" lleguen a la aplicación Next.js. Esta vulnerabilidad se corrigió en las versiones 14.2.25 y 15.2.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"11.1.4","versionEndExcluding":"12.3.5","matchCriteriaId":"6D275D05-70E5-49CA-BCFE-74B31DB3D8EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"13.0.0","versionEndExcluding":"13.5.9","matchCriteriaId":"49731FD6-617A-42DE-9F95-A7F42809C32F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"14.0.0","versionEndExcluding":"14.2.25","matchCriteriaId":"5F836D0E-1580-40C6-93E5-6DB939E7BA86"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"15.0.0","versionEndExcluding":"15.2.3","matchCriteriaId":"E214D84F-7B55-4089-B1C4-9BF8B7AC7375"}]}]}],"references":[{"url":"https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vercel/next.js/releases/tag/v12.3.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/vercel/next.js/releases/tag/v13.5.9","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/03/23/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/03/23/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20250328-0002/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}