Thursday, March 27, 2025

Invicti's Web Application Security Blog Updates for 27 Mar 2025


Weekly Update – 27 Mar 2025


Next.js middleware authorization bypass vulnerability: Are you vulnerable?


A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summarizes what we know about CVE-2025-29927, how you can mitigate the vulnerability, and how Invicti can help you detect and confirm your organization's risk.

The post Next.js middleware authorization bypass vulnerability: Are you vulnerable? appeared first on Invicti.


 

Vulnerable and outdated components: An OWASP Top 10 threat


Dealing with vulnerable and outdated components is the number one risk in software supply-chain security. The challenges of maintaining a full component inventory and keeping up with constant feature updates and security patches require a more proactive approach built around dynamic testing to check what you're running and which component vulnerabilities to prioritize.

The post Vulnerable and outdated components: An OWASP Top 10 threat appeared first on Invicti.


 

More Recent Articles

Missing X-Frame-Options header? You should be using CSP anyway
Missing HTTP security headers: Avoidable risk, easy fix
DAST vs. penetration testing: Key similarities and differences
DAST vs. SAST: Getting real on static and dynamic application security testing
Is DAST only for web applications? A fact-check on vulnerability scanning
Copyright © 2025 Invicti, All rights reserved.