Bleeping Computer

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025 ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Attackers are targeting developers with malicious Next.js repositories to perform remote code execution (RCE) and establish a persistent command-and-control (C2) channel on infected machines in a ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.