Bleeping Computer

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025 ...
InfoWorld

Warning for developers, web admins: update Next.js to prevent exploit

Developers and web admins using the Next.js framework for building or managing interactive web applications should install a security update to plug a critical vulnerability. The vulnerability, ...