To mitigate CVE-2025-29927 in Next.js, configure your WAF to strip the `x-middleware-subrequest` header from incoming requests. This will prevent authorization bypass attacks. It is also crucial to update WAF rules regularly to stay protected against such vulnerabilities.
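The same header stripping, sketched as a Node.js request wrapper placed in front of the application. This is an added example, not code from the original post or from Next.js; the function names are hypothetical, and the wrapped handler is assumed to be whatever passes requests on to the Next.js app.

```javascript
// Header named in the mitigation above; HTTP header names are case-insensitive.
const BLOCKED_HEADER = 'x-middleware-subrequest';

// Remove the header from a plain headers object, whatever the key casing.
// Returns the number of entries removed so the caller can log the event.
function stripFromHeaderObject(headers) {
  let removed = 0;
  for (const name of Object.keys(headers)) {
    if (name.trim().toLowerCase() === BLOCKED_HEADER) {
      delete headers[name];
      removed += 1;
    }
  }
  return removed;
}

// Remove the header from a Node-style rawHeaders array: [name, value, name, value, ...].
function stripFromRawHeaders(rawHeaders) {
  const kept = [];
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    if (rawHeaders[i].trim().toLowerCase() !== BLOCKED_HEADER) {
      kept.push(rawHeaders[i], rawHeaders[i + 1]);
    }
  }
  return kept;
}

// Wrap any (req, res) handler so the header is gone before the app sees it.
// `log` is an assumed hook; point it at your own logging or alerting.
function withSubrequestHeaderStripped(handler, log = console.warn) {
  return function (req, res) {
    const removed = stripFromHeaderObject(req.headers);
    if (Array.isArray(req.rawHeaders)) {
      req.rawHeaders = stripFromRawHeaders(req.rawHeaders);
    }
    if (removed > 0) {
      // Record the event: the mitigation treats this header as unwanted on incoming requests.
      log(`stripped ${BLOCKED_HEADER} from ${req.method} ${req.url}`);
    }
    return handler(req, res);
  };
}
```

Logging each stripped request gives the security team a record of probing attempts in addition to blocking them.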
For more insights, check out the original tweet here: https://twitter.com/transilienceai/status/1905589970850750808.