5:["$","div",null,{"className":"mx-auto max-w-3xl px-4 py-8","children":[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"NewsArticle\",\"headline\":\"Vercel Firewall's Proactive Protection Against Next.js CVE-2025-29927\",\"datePublished\":\"2025-03-22T13:00:00+00:00\",\"author\":[{\"@type\":\"Organization\",\"name\":\"Vercel News\"}]}"}}],["$","$L41",null,{"article":{"id":"tag:google.com,2005:reader/item/0006446e2ccbbe64","title":"Vercel Firewall's Proactive Protection Against Next.js CVE-2025-29927","category":"Security Protection","summary":"In response to the previously reported Next.js authorization bypass vulnerability (CVE-2025-29927), Vercel confirmed its firewall has actively intercepted related exploitation attempts, ensuring platform customers remain unaffected. While hosting environments provide security barriers, Vercel emphasizes that framework-level updates are fundamental to defense, urging all developers to upgrade affected Next.js versions to patch the vulnerability.","tldr":"Vercel Firewall has intercepted attacks targeting the Next.js middleware vulnerability, and users are required to update the SDK.","highlights":"Firewall automatically intercepts attack traffic; 2. Even when hosted in the cloud, **underlying SDK security** must be maintained.","critiques":"Overemphasizing platform protection capabilities may lead developers to become complacent; 2. Relying on specific vendor WAF protection is not foolproof, and application security governance should focus on the framework itself.","marketTake":"In the cloud computing era, vendor proactive protection can quickly mitigate damage, but enterprise internal DevSecOps processes cannot be overlooked. For self-hosted scenarios, the impact of this vulnerability remains significant.","keywords":["Vercel","Firewall","Vulnerability Defense","Security"],"translated_at":"2026-05-30T07:52:28.94454+00:00","model_used":"Qwen/Qwen3-8B","link":"https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware","sourceName":"Vercel News","published":"2025-03-22T13:00:00+00:00","n8n_processing_date":"2025-03-22T13:00:00+00:00","verdict":{"type":"News","score":8,"importance":"必知要闻"},"created_at":"2025-03-22T13:00:00+00:00","tags":[]},"initialContent":{"title":"Vercel 防火墙对 Next.js CVE-2025-29927 的主动防护","content":"\n

A security vulnerability in Next.js was responsibly disclosed, which allows malicious actors to bypass authorization in Middleware when targeting the x-middleware-subrequest header.

Vercel customers are not affected. We still recommend updating to the patched versions. Learn more about CVE-2025-29927.

\n Read more\n

\n ","source":"Vercel News"},"dict":"$34:props:dict"}]]}]