This tweet mentions a proof of concept (POC) for bypassing the Next.js Web Application Firewall (WAF) using the vulnerability identified as CVE-2025-55182. This is a significant security issue: Next.js is a popular React framework used to build web applications, and a vulnerability in its WAF could allow attackers to bypass security controls and exploit other vulnerabilities such as Cross-Site Scripting (XSS), Remote Code Execution (RCE), or SQL Injection (SQLi), depending on the context of the application. The bypass is demonstrated through a POC, meaning a working example of the exploit has been created and shared. Users of Next.js should update their WAF rules or software to protect against this bypass, and monitor or audit their web applications for unusual activity.
Original tweet: https://twitter.com/D0n9D0n9/status/1997982045784719497