Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
On March 23, 2025, a critical vulnerability in Next.js middleware was disclosed and tracked as CVE-2025-29927. The vulnerability has a critical CVSS score of 9.1 and allows attackers to bypass authorization checks by adding a specially crafted request header to HTTP requests.
View the detailed bulletin below.
For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact: