Get up to 67% off VPS at Hostinger. Use code FIRESHIP for an extra discount at https://hostinger.com/fireship

Technical breakdown of the critical vulnerability CVE-2025-29927 that affects the React JavaScript framework Next.js. 

#cybersecurity #programming #thecodereport 

💬 Chat with Me on Discord

https://discord.gg/fireship

🔗 Resources

CVE-2025-29927 Deep Dive https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
Firefox Zero Day https://youtu.be/2RmUMmUj3u8
Software bug iceberg https://youtu.be/Iq_r7IcNmUk?si=a-fggLH6vYHi4f1q

🔥 Get More Content - Upgrade to PRO

Upgrade at https://fireship.io/pro
Use code YT25 for 25% off PRO access 

🎨 My Editor Settings

- Atom One Dark 
- vscode-icons
- Fira Code Font

🔖 Topics Covered

- Drawbacks of using Next.js
- Next.js security flaw in middleware explained
- Cybersecurity issues for web developers
- Recent trends in web development

Fireship is a YouTube channel created by Jeff Delaney that offers quick tutorials and explanations on web development, programming, and tech trends. Known for the “100 Seconds of Code” and “The Code Report” series, the channel breaks down complex topics in a short, engaging format, covering everything from JavaScript frameworks to emerging technologies.

Fireship

A critical 9.1 security exploit affecting Next.js allows attackers to bypass authentication and authorization in middleware, putting many applications at risk. The vulnerability was discovered and reported on February 27th but was only patched on March 18th, leading to significant controversy and competitive drama between companies like Cloudflare and Vercel. Developers are advised to upgrade their Next.js apps immediately, especially if using middleware for security purposes, to mitigate potential damage.

Next.js rocked by critical 9.1 level exploit...

<p>I’m upvoting this for putting SRK in the thumbnail, and especially him in “Koyla”.</p>
