https://www.bleepingcomputer.com/news/security/critical-flaw-in-nextjs-lets-hackers-bypass-authorization/

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks.

The flaw, tracked as CVE-2025-29927, enables attackers to send requests that reach destination paths without going through critical security checks.