Next.js security advisory (AV25-162)

Serial number: AV25-162
Date: March 25, 2025

On March 22, 2025, Next.js published a security advisory to address a critical vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in the following product:

• Next.js – 15.x versions prior to 15.2.3
• Next.js – 14.x versions prior to 14.2.25
• Next.js – 13.x versions prior to 13.5.9
• Next.js – 12.x versions prior to 12.3.5

The Cyber Centre encourages users and administrators to review the web link provided below and apply the necessary updates.

• CVE-2025-29927