Next.js Open Source Framework Affected By Critical Security Vulnerability - 1

Photo by James Wiseman on Unsplash

Next.js Open Source Framework Affected By Critical Security Vulnerability

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

Researchers recently revealed a security vulnerability in Next.js, a widely used open-source React framework, allowing malicious actors to bypass authorization in middleware and get access to systems. The flaw, labeled CVE-2025-29927, has been mitigated by Vercel.

In a rush? Here are the quick facts:

  • Cybersecurity researchers Allam Yasser and Allam Rachid unveiled a vulnerability in the popular framework Next.js
  • The flaw, identified as CVE-2025-29927, allowed malicious actors to bypass authorization in middleware.
  • Vercel took action and shared patches for all affected versions and updates a few days later.

According to Cyberscoop , Allam Yasser and Allam Rachid, cybersecurity researchers, spotted the vulnerability on February 27 and reported it to Vercel, the cloud company that created and maintains Next.js.

Vercel acknowledged the vulnerability and released patches for all affected versions about two weeks later. Last Friday, the company also issued a security advisory.

“We recommend that all self-hosted Next.js deployments using next start and output: ‘standalone’ should update immediately,” states Next.js’ advisory .

The document explains that the affected applications are the ones self-hosted and currently using Middleware. Applications hosted on Vercel, Netlify, or “deployed as static exports” are not affected by the vulnerability CVE-2025-29927. The ones using Cloudflare are advised to turn on a Managed WAF rule.

“We are not aware of any active exploits,” said Ty Sbano, Chief Information Security Officer (CISO) at Vercel, to Cyberscoop. “If someone hosts a Next.js application outside of Vercel, we would not have visibility into runtime or their analytics. Platforms like Vercel and Netlify were not affected.”

The cloud company doesn’t have accurate data on how many applications using Next.js are active on self-hosted platforms.

Rachid shared a paper on this blog, Next.js and the corrupt middleware: the authorizing artifact , with more details on their research to unveil the flaw affecting millions of users.

“A critical vulnerability can occur in any software, but when it affects one of the most popular frameworks, it becomes particularly dangerous and can have severe consequences for the broader ecosystem,” wrote Rachid.

The expert also addressed the company’s response time in mitigating the risk. “The vulnerability took a few days to be addressed by the Vercel team, but it should be noted that once they became aware of it, a fix was committed, merged, and implemented in a new release within a few hours (including backports).”

A few days ago, Cybersecurity experts at Pillar Security recently uncovered a vulnerability in two popular coding assistants , GitHub Copilot and Cursor.

AI Could Protect Your Electric Car From Cyberattacks - 2

Image by Red Dot, from Unsplash

AI Could Protect Your Electric Car From Cyberattacks

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

As electric vehicles (EVs) grow in popularity, their charging stations are becoming prime targets for cybercriminals. Hackers could disrupt power grids, steal sensitive data, or even take control of charging systems.

In a rush? Here are the quick facts:

  • AI predicts cyberattacks on EV chargers before they happen.
  • GAN-GRU model shows highest accuracy in threat detection.
  • Real-world attacks on EV chargers already occurred globally.

To combat this, researchers have developed an AI system that can forecast cyberattacks before they strike—giving operators crucial time to intervene.

A new study published in Scientific Reports introduces an AI-powered cybersecurity tool that predicts when an attack is likely to occur on an EV charging station. The system, based on a Generative Adversarial Network (GAN), estimates the Remaining Useful Life (RUL)—essentially calculating how much time remains before a cyberattack might happen.

By analyzing patterns in past attacks, the AI can warn operators in advance, allowing them to strengthen defenses or shut down vulnerable systems.

These AI systems were trained on real-world cyberattack data, including denial-of-service (DoS) attacks, ransomware, and data breaches, ensuring they could recognize both known and emerging threats.

Cyberattacks on EV charging stations are not just theoretical—they’ve already happened. The paper notes that in 2018 security researchers demonstrated how hackers could remotely disable charging stations.

The authors also cite that in 2021 a simulated attack in Europe revealed how cybercriminals could manipulate charging loads to destabilize power grids. And in 2023, a ransomware attack temporarily shut down charging networks in the U.S. and Europe.

These incidents highlight the urgent need for stronger cybersecurity measures.The researchers say that the new AI system offers several key advantages.

First, it reduces false alarms, ensuring operators only act on credible threats. Second, it provides early warnings, giving technicians time to patch vulnerabilities or isolate compromised systems. Third, it continuously improves by learning from new attack patterns, making it more effective over time.

Looking ahead, researchers suggest integrating this AI with blockchain technology to further secure transactions and user data. They also recommend real-world testing in live charging networks to refine the system’s accuracy.

As EV adoption accelerates, AI-driven cybersecurity could be the key to keeping charging stations—and the broader power grid—safe from hackers. With cyber threats growing more sophisticated, AI-powered defenses may soon become a standard feature in EV charging networks worldwide.