Last week, we published CVE-2025-29927 and patched a critical severity vulnerability in Next.js. Here’s our post-incident analysis and next steps. On 27 Feb 2025 06:03:00 GMT, the vulnerability was disclosed to the Next.js team through GitHub private reporting.
Full article