The Hacker News

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

Critical RSC flaws in React and Next.js enable unauthenticated remote code execution; users should update to patched versions ...
Bleeping Computer

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025 ...