Next.js Discord

CVE-2025-29927 impact scope

Answered
American Crocodile posted this in #help-forum
American Crocodile (OP)
Hi!

The impact scope of CVE-2025-29927 (https://nextjs.org/blog/cve-2025-29927) is not clear to me.
I'm in the following situation:
- I rely on Middleware for auth or security checks, which are not then validated later in my application.
- My app is hosted on Vercel.

Then I'm in the Affected and Not Affected sections. What do I conclude?

Have a great day, all!
Answered by joulev
you are not affected

but you will be affected if you move the hosting to a different platform not covered under the "not affected" section

5 Replies

Asian black bear
You are technically vulnerable but Vercel has ad hoc firewall rules in place to prevent your app from receiving the malicious requests.
American Crocodile (OP)
Great. Thanks a lot! Have a great day 🙂
Btw, how do you know all that? Is there a doc about this?
Spectacled bear