Skip to main content

CSA will never ask you to transfer money or disclose banking details. Stay vigilant.

If unsure, call the 24/7 ScamShield Helpline at 1799 to check. www.scamshield.gov.sg

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Next.js
Alerts

Critical Vulnerability in Next.js

24 March 2025

Next.js has released updates addressing a critical vulnerability (CVE-2025-29927) in Next.js React framework, which is used for building web applications. Users and administrators are advised to update to the latest versions.

Next.js has released updates addressing a critical vulnerability (CVE-2025-29927) in Next.js React framework, which is used for building web applications. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.1 out of 10.

Successful exploitation of the authorisation bypass vulnerability could allow an unauthenticated attacker to gain access to sensitive web pages reserved for administrators or other high-privileged users.

The vulnerability affects Next.js versions 11.1.4 through 15.2.2.

Users and administrators of the affected products are advised to update to the latest versions.

More information is available here:
https://nextjs.org/blog/cve-2025-29927
https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html
https://www.herodevs.com/vulnerability-directory/cve-2025-29927

Back to top