Next.js is a popular web development framework. In affected versions, a flaw in the way the framework applies its middleware (commonly used to enforce authentication) allows an attacker to bypass authentication, potentially gaining access to sensitive data or manipulating targeted accounts.

Given the popularity of this library in many web applications, the impact of this vulnerability may be wide.

The complexity required to exploit this vulnerability is low, so widespread exploitation is likely.

To exploit the vulnerability, an attacker sends a request carrying the following crafted HTTP header:

x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware

This disables all authentication checks and allows attackers to reach functionality that would normally require authentication.

To mitigate, please upgrade to the following versions immediately:

  • Next.js 15.2.3 or higher
  • Next.js 14.2.25 or higher
  • Next.js 13.5.9 or higher

Prior versions are affected.

This attack can be detected using WAF technology; custom rules to detect its use are currently being made available.
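
As an added example (not part of this bulletin, of Integrity360's WAF rules, or of Next.js itself), the following Python script applies the check a WAF rule or log review would make: it classifies one request's headers and scans constructed JSON-lines access-log entries for the header above. The log format and IP addresses are constructed for illustration; the check flags any value whose colon-separated tokens contain `middleware`, which also covers path-prefixed variants beyond the exact value shown above.

```python
import json
from typing import Dict, List

# Header named in the bulletin; HTTP header names are case-insensitive.
SUSPECT_HEADER = "x-middleware-subrequest"


def classify_headers(headers: Dict[str, str]) -> str:
    """Return 'bypass-attempt', 'suspicious' or 'clean' for one request's headers."""
    for name, value in headers.items():
        if name.lower() != SUSPECT_HEADER:
            continue
        # The bulletin's value is a colon-separated list of middleware names;
        # any token naming 'middleware' matches the described bypass.
        tokens = [t.strip().lower() for t in value.split(":")]
        if any("middleware" in t for t in tokens):
            return "bypass-attempt"
        # Header present at the edge with some other value: still worth a look.
        return "suspicious"
    return "clean"


def scan_log(lines: List[str]) -> List[Dict[str, str]]:
    """Scan JSON-lines log entries (constructed format) and return non-clean hits."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed entries rather than aborting the scan
        verdict = classify_headers(entry.get("headers", {}))
        if verdict != "clean":
            hits.append({"src": entry.get("src", "?"),
                         "path": entry.get("path", "?"),
                         "verdict": verdict})
    return hits


# Constructed sample log: one benign request, one matching the bulletin, one odd value, one junk line.
SAMPLE_LOG = """
{"src": "198.51.100.7", "path": "/api/account", "headers": {"user-agent": "curl/8.4.0"}}
{"src": "203.0.113.9", "path": "/admin", "headers": {"X-Middleware-Subrequest": "middleware:middleware:middleware:middleware:middleware"}}
{"src": "203.0.113.10", "path": "/admin", "headers": {"x-middleware-subrequest": "foo"}}
not json at all
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(hit)
```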

Potentially affected customers should review WAF logs and contact Integrity360 Incident Response if they believe they are affected.

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 