The National Cyber Security Centre (NCSC) has issued an urgent alert for users of Next.js, a popular React-based web development framework, to patch a critical authorization bypass vulnerability (CVE-2025-29927) immediately. The flaw could allow attackers to bypass authorization checks, granting unauthorized access to sensitive data.

‍