Protect against Next.js CVE-2025-29927 with Azure Web Application Firewall (WAF)

Next.js versions prior to 12.3.5, 13.5.9, 14.2.25 and 15.2.3 are vulnerable to bypass authorization checks within a Next.js application, according to a recently published CVE-2025-29927. It is strongly recommended to upgrade Next.js to a patched version – 12.3.5, 13.5.9, 14.2.25 or 15.2.3. For Next.js versions 11.x which currently have no patches…

27/03/2025Azure Network Security

Share:

You may be interested in

Azure WAF’s Bot Manager 1.1 and JavaScript Challenge: Navigating the Bot Threat Terrain
Azure Network Security,
Introduction Bots are a common presence on the internet, serving a range of functions from automating customer service to indexing pages for search engines. However, their capabilities can be…
06/11/2024
Monitoring traffic flows in Azure Firewall using Virtual Network Flow Logs
Azure Network Security,
Azure Firewall is a managed service designed to protect your Azure Virtual Network resources, providing advanced threat protection and advanced logs and metrics that are essential tools for monitoring and…
03/09/2024
New Blog | Validating FTP traffic scenarios with Azure Firewall
Azure Network Security,
Written by Gopikrishna Kannan (Head of Products: Azure Firewall and Firewall Manager) The Azure Firewall is a cloud-native and intelligent network firewall security service that can be integrated into…
21/07/2023
New blog post | Protect Office365 and Windows365 with Azure Firewall
Azure Network Security,
Office 365 customers are looking for the best cloud connectivity experience at scale to achieve end-to-end connectivity through the most optimized route possible. Traffic from the organization’s network to the…
19/05/2023
Securing web applications with Azure Front Door WAF CAPTCHA (Preview)
Azure Network Security,
Introduction Web applications today are constantly under siege from a range of threats, including automated bots and scrapers, as well as credential-focused threats such as credential stuffing and brute-force attacks.…
23/05/2025
Adjust permitted content types in Front Door Premium WAF
Azure Network Security,
Hi, I am tuning a Front Door Premium WAF policy for a web app which has just been deployed. I am seeing multiple hits on rule PROTOCOL-ENFORCEMENT-920420 due to a…
22/02/2024
New Blog | Malware Detection in Sentinel for Azure Firewall
Azure Network Security,
Malware refers to any software that is designed to cause damage, disruption, or compromise the security and functionality of computer systems, networks, or devices. It includes diverse types of threats,…
13/12/2023
New Blog | Private IP DNAT Support and Scenarios with Azure Firewall
Azure Network Security,
By Gustavo Modena Introduction Azure Firewall is a cloud native security service to protect your workloads running in Azure. It is a stateful firewall as a service with built-in high…
05/09/2024
Top Benefits of Azure cloud for your business
Azure Network Security,
Microsoft Azure is the leading provider of cloud infrastructure as a service (IaaS) and platform as a service (PaaS) solutions. The platform allows you to build, manage apps, and deploy…
18/12/2023
New Blog | Getting Started with Azure WAF REST API for Application Gateway: A Step-by-Step Guide
Azure Network Security,
By David Frazee REST API plays a pivotal role in the management of resources on Azure, offering a standardized and methodical approach for handling operations such as create, read, update,…
03/07/2024
New Blog | General availability of Azure WAF Bot Manager1.1 Ruleset
Azure Network Security,
By Sowmya Mahadevaiah Today, we are launching the general availability of Bot Manager1.1 ruleset in Azure WAF integrated with Azure Front Door. Bot Manager1.1 extends all the rules in the…
12/06/2024
Protect against SharePoint CVE-2025-53770 with Azure Web Application Firewall (WAF)
Azure Network Security,
Summary Microsoft recently disclosed CVE-2025-53770, a critical vulnerability affecting on-premises SharePoint Server versions 2016, 2019, 2010, 2013, and Subscription Edition (SE). The vulnerability allows unauthenticated remote code execution (RCE) by…
11/08/2025