VDB
MSRC_CVE-2025-29972
MSRC_CVE-2025-29972
PUBLISHED
CVSS 9.899999618530273 CRITICAL
Risk Scores
CVSS 3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Azure Storage Resource Provider (SRP) |
Exploit Intelligence
- CVE-2025-29927 - Critical Security Vulnerability in Next.js (github-poc)
- CVE-2025-29927 is a critical security vulnerability affecting Next.js, a popular React framework for building full-stack web applications. This flaw allows attackers to bypass authorization checks implemented in Next.js middleware, potentially granting unauthorized access to sensitive areas of an application, such as admin pages or user dashboards. (github-poc)
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29972 (circl)
- https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-29972.json (circl)
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (circl)
- https://support.microsoft.com/lifecycle (circl)
- https://www.first.org/cvss (circl)
Timeline
- May 8, 2025 CVE Updated
- May 13, 2025 CVE Published
- Apr 1, 2026 Security Advisory
- Apr 1, 2026 Security Advisory