Next.js version 15.2.3 has been released to address a security vulnerability CVE-2025-29927.

The Next.js Blog provides insights, updates, and tutorials on Next.js, a popular React framework for building server-side rendered (SSR) and static websites. Developers can learn about Next.js features, routing mechanisms, and data fetching strategies, as well as explore real-world examples and use cases of Next.js applications.

Next.js

Next.js version 15.2.3 addresses the CVE-2025-29927 security vulnerability. Self-hosted deployments using `next start` and `output: 'standalone'` should update immediately. Applications on Vercel, Netlify, and Cloudflare are unaffected. The vulnerability involved bypassing Middleware checks, potentially skipping critical validations. Patches are available for versions 12, 13, 14, and 15.