§ feed · storyline

Postmortem on Next.js Middleware bypass

Vercel publishes a postmortem on CVE-2025-29927, a critical Next.js middleware bypass vulnerability, detailing its incident analysis and planned next steps.

Mar 25 · 14:00:00 · primary fetch1 sourceupdated Mar 25 · 14:00:00

Last week, we published and patched a critical severity vulnerability in Next.js.

Here’s our post-incident analysis and next steps.CVE-2025-29927 Read more

read full article on vercel.com ↗

§ sources1 publication · timeline below

vercel.comPostmortem on Next.js Middleware bypassprimary14:00:00