Next.js version 15.2.3 has been released to address a security vulnerability

Saturday, March 22nd 2025 Posted by Next.js version 15.2.3 has been released to address a security vulnerability (CVE-2025-29927 ). Additionally, backported patches are available. We recommend that all self-hosted Next.js deployments using next start and output: 'standalone' should update immediately. Continue reading for more details on the CVE. 2025-02-27T06:03Z : Disclosure to Next.js team via GitHub private vulnerability reporting : Disclosure to Next.js team via GitHub private vulnerability reporting 2025-03-14T17:13Z : Next.js team started triaging the report : Next.js team started triaging the report 2025-03-14T19:08Z : Patch pushed for Next.js 15.x : Patch pushed for Next.js 15.x 2025-03-14T19:26Z : Patch pushed for Next.js 14.x : Patch pushed for Next.js 14.x 2025-03-17T22:44Z : Next.js 14.2.25 released : Next.js 14.2.25 released 2025-03-18T00:23Z : Next.js 15.2.3 released : Next.js 15.2.3 released 2025-03-18T18:03Z : CVE-2025-29927 issued by GitHub : CVE-2025-2992 ... Read full article.