CVE-2025-29927: Next.js Authorization Bypass Secure Coding Challenge

26/03/2025

In light of the newly identified Next.js authorization bypass (CVE-2025-29927), we’re making our “Middleware.js” secure coding challenge completely free to access.

This vulnerability exemplifies how business logic flaws can slip through standard security scans—modern vulnerabilities don’t always follow patterns that scanners can easily detect. Let’s learn from this real-world scenario and prevent similar oversights in our own code.

Try the challenge here: https://play.secdim.com/game/javascript/challenge/middlewarejs
