In light of the newly identified Next.js authorization bypass (CVE-2025-29927), we’re making our “Middleware.js” secure coding challenge completely free to access.
This vulnerability exemplifies how business logic flaws can slip through standard security scans—modern vulnerabilities don’t always follow patterns that scanners can easily detect. Let’s learn from this real-world scenario and prevent similar oversights in our own code.
Try the challenge here: https://play.secdim.com/game/javascript/challenge/middlewarejs
