CVE-2025-29927 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-29927 PUBLISHED

Next.js ist ein Framework für React-basierte Web-Anwendungen.

EPSS 92.95% · 99.8th percentile

Risk Scores

EPSS Score

92.95%

99.8th percentile

Affected Products

Vendor	Product	Versions
Vercel	Vercel Next.js <15.2.3
Vercel	Vercel Next.js <12.3.5
Vercel	Vercel Next.js <13.5.9
Vercel	Vercel Next.js <14.2.25

Timeline

CVE Published
Jun 28, 2021 PoC Published
May 5, 2022 CrowdSec Sighting
May 25, 2022 CrowdSec Sighting
Jan 4, 2023 CrowdSec Sighting
Sep 11, 2023 CrowdSec Sighting
Nov 25, 2023 CrowdSec Sighting
Nov 27, 2023 CrowdSec Sighting
Nov 27, 2023 CrowdSec Sighting
Dec 7, 2023 CrowdSec Sighting
Mar 4, 2024 CrowdSec Sighting
May 2, 2024 CrowdSec Sighting

References

https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0627.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0627 advisory
https://nextjs.org/blog/cve-2025-29927 advisory
https://github.com/advisories/GHSA-f82v-jwr5-mffw advisory
https://github.com/websecnl/CVE-2025-29927-PoC-Exploit exploit
https://github.com/vercel/next.js/releases advisory
https://beelzebub.ai/blog/threat-huntinga-analysis-of-a-nextjs-exploit-campaign/ exploit
CVE-2025-29927: Authorization Bypass in Next.js third-party-analysis

Open in Interactive Console →