The tweet mentions a Middleware bypass vulnerability CVE-2025-29927 affecting Next.js, with a CVSS score of 9.1. Cloudflare's WAF rule for this vulnerability is not auto-enabled, so users need to manually check and enable it. Vercel patched this vulnerability on 3/21/25 for versions 15.2.3+. This shows the continuous evolution and solid security measures in place for Vercel's Next.js edge.
For more insights, check out the original tweet here: https://twitter.com/JordanLambda/status/1904506132863095127