I don't normally post JS stuff, but CVE-2025-29927 is a whole lot of fun!
"it was possible to skip running Middleware, which could allow requests to skip critical checks—such as authorization cookie validation—before reaching routes." 😱
https://nextjs.org/blog/cve-2025-29927
Get your Next.js updated!