Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in Next.js

24 March 2025

Next.js has released updates addressing a critical vulnerability (CVE-2025-29927) in Next.js React framework, which is used for building web applications. Users and administrators are advised to update to the latest versions.

Next.js has released updates addressing a critical vulnerability (CVE-2025-29927) in Next.js React framework, which is used for building web applications. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.1 out of 10.

Successful exploitation of the authorisation bypass vulnerability could allow an unauthenticated attacker to gain access to sensitive web pages reserved for administrators or other high-privileged users.

The vulnerability affects Next.js versions 11.1.4 through 15.2.2.

Users and administrators of the affected products are advised to update to the latest versions.

More information is available here:
https://nextjs.org/blog/cve-2025-29927
https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html
https://www.herodevs.com/vulnerability-directory/cve-2025-29927

Back to top