The vulnerability tracked as CVE-2025-29927 impacts the Next.js middleware. It allows an attacker to bypass auhtorization mechanisms.
The following versions are impacted:
• >= 11.1.4, <= 13.5.6
• >= 14.0, < 14.2.25
• >= 15.0, < 15.2.3
Stormhield Network Security (SNS) appliance protects you from that attack, thanks to a dedicated IPS signature. To work efficiently on HTTPS traffic, it must be decrypted.
| ID | Name |
| http:client:header.259 | Exploitation of a NextJS middleware vulnerability (CVE-2025-29927) |