@hdm.infosec.exchange.ap.brid.gy on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

HD Moore

hdm.infosec.exchange.ap.brid.gy

did:plc:qpiecqapdk3qqzrlm3o2twwa

Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true` and causes the request to skip all middleware processing, including any authentication steps. Shodan reports […] https://infosec.exchange/@hdm/114209441459410050

2025-03-23T02:47:25.846Z