Techly NewsGet the app

Get the latest tech news

Next.js version 15.2.3 has been released to address a security vulnerability


Next.js version 15.2.3 has been released to address a security vulnerability CVE-2025-29927.

Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. GitHub Security Advisories and CVEs are industry-standard approaches to notifying users, vendors, and companies of vulnerabilities in software.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Next.js

Next.js

Photo of CVE-2025-29927

CVE-2025-29927

Related news:

News photo

How much traffic can a pre-rendered Next.js site handle?

News photo

You don't need Next.js – Why we migrated from Next to React

News photo

We switched from Next.js to Astro (and why it might interest you)

« Drama over quantum computing’s future heats up
China Explores Limiting Its EVs and Battery Exports For US Tariff Negotiations »