#CVE-2025-29927 impact scope


lunar quarry

Hi!

The impact scope of CVE-2025-29927 (https://nextjs.org/blog/cve-2025-29927) is not clear to me.
I'm in the following situation:

  • I rely on Middleware for auth or security checks, which are not then validated later in my application.
  • My app is hosted on Vercel.

Then I'm in the Affected and Not Affected sections. What do I conclude?

Have a great day, all!

Next.js version 15.2.3 has been released to address a security vulnerability CVE-2025-29927.

light panther

You are technically vulnerable but Vercel has ad hoc firewall rules in place to prevent your app from receiving the malicious requests.

lunar quarry

Great. Thanks a lot! Have a great day 🙂

lunar quarry

Btw, how do you know all that? Is there a doc about this?