Re: CVE-2025-29927: Authorization Bypass in Next.js Middleware

[Alan Coopersmith <alan.coopersmith () oracle com>]

On 3/23/25 12:14, Alan Coopersmith wrote:
> https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw adds:
>
> > Credits
> >
> >     Allam Rachid (zhero;)
> >     Allam Yasser (inzo_)

They have published their own writeup at:
https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris