CVE-2025-29927— Authorization Bypass in Next.js Middleware
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-29927
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authorization Bypass in Next.js Middleware
Source: NVD (National Vulnerability Database)
Vulnerability Description
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Next.js 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Next.js是Vercel开源的一个 React 框架。 Next.js 14.2.25之前版本和15.2.3之前版本存在安全漏洞,该漏洞源于如果授权检查发生在中间件中,可能绕过授权检查。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2025-29927
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Verify Next.js CVE-2025-29927 on Netlify not vulnerable | https://github.com/serhalp/test-cve-2025-29927 | POC Details |
| 2 | Next.js Middleware Authorization Bypass | https://github.com/Ademking/CVE-2025-29927 | POC Details |
| 3 | A Nuclei template to detect CVE-2025-29927 the Next.js authentication bypass vulnerability | https://github.com/6mile/nextjs-CVE-2025-29927 | POC Details |
| 4 | undefined | https://github.com/azu/nextjs-cve-2025-29927-poc | POC Details |
| 5 | None | https://github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927 | POC Details |
| 6 | CVE-2025-29927 Proof of Concept | https://github.com/aydinnyunus/CVE-2025-29927 | POC Details |
| 7 | None | https://github.com/ticofookfook/poc-nextjs-CVE-2025-29927 | POC Details |
| 8 | Next.js における認可バイパスの脆弱性を再現するデモです。 | https://github.com/t3tra-dev/cve-2025-29927-demo | POC Details |
| 9 | Proof-of-Concept for Authorization Bypass in Next.js Middleware | https://github.com/websecnl/CVE-2025-29927-PoC-Exploit | POC Details |
| 10 | Authorization Bypass in Next.js Middleware | https://github.com/MuhammadWaseem29/CVE-2025-29927-POC | POC Details |
| 11 | CVE-2025-29927 lab | https://github.com/strobes-security/nextjs-vulnerable-app | POC Details |
| 12 | CVE-2025-29927 Exploit Checker | https://github.com/RoyCampos/CVE-2025-29927 | POC Details |
| 13 | Demo for Next.js middleware bypass - CVE-2025-29927 | https://github.com/fourcube/nextjs-middleware-bypass-demo | POC Details |
| 14 | Next.Js 权限绕过漏洞(CVE-2025-29927) | https://github.com/iSee857/CVE-2025-29927 | POC Details |
| 15 | CVE-2025-29927 Proof of Concept | https://github.com/Eve-SatOrU/POC-CVE-2025-29927 | POC Details |
| 16 | CVE-2025-29927 Authorization Bypass in Next.js Middleware | https://github.com/arvion-agent/next-CVE-2025-29927 | POC Details |
| 17 | Next.js Middleware Auth Bypass | https://github.com/Oyst3r1ng/CVE-2025-29927 | POC Details |
| 18 | New nuclei CVE | https://github.com/lediusa/CVE-2025-29927 | POC Details |
| 19 | None | https://github.com/lem0n817/CVE-2025-29927 | POC Details |
| 20 | CVE-2025-29927の検証 | https://github.com/kuzushiki/CVE-2025-29927-test | POC Details |
| 21 | A deliberately Next.js app, vulnerable to CVE-2025-29927, Authorization Bypass | https://github.com/ricsirigu/CVE-2025-29927 | POC Details |
| 22 | Async Python scanner for Next.js CVE-2025-29927. Uses aiohttp & aiofiles to efficiently process large URL lists, detect vulnerabilities, and save results. Features connection pooling, caching, and chunked processing for fast performance | https://github.com/0xWhoknows/CVE-2025-29927 | POC Details |
| 23 | Nuclei Template: CVE-2025-29927 - Next.js Middleware Authentication Bypass | https://github.com/tobiasGuta/CVE-2025-29927-POC | POC Details |
| 24 | Sigma Rule for CVE-2025–29927 Detection | https://github.com/elshaheedy/CVE-2025-29927-Sigma-Rule | POC Details |
| 25 | Critical vulnerability in next.js : Bypass middleware authentication | https://github.com/furmak331/CVE-2025-29927 | POC Details |
| 26 | Ghost Route detects if a Next JS site is vulnerable to the corrupt middleware bypass bug (CVE-2025-29927) | https://github.com/takumade/ghost-route | POC Details |
| 27 | None | https://github.com/memmedrehimzade/CVE-2025-29927-vuln-app | POC Details |
| 28 | None | https://github.com/0xPb1/Next.js-CVE-2025-29927 | POC Details |
| 29 | None | https://github.com/jeymo092/cve-2025-29927 | POC Details |
| 30 | PoC for CVE-2025-29927: Next.js Middleware Bypass Vulnerability. Demonstrates how x-middleware-subrequest can bypass authentication checks. Includes Docker setup for testing. | https://github.com/alihussainzada/CVE-2025-29927-PoC | POC Details |
| 31 | PowerShell script to test if a web app is vulnerable to CVE-2025-29927 | https://github.com/TheresAFewConors/CVE-2025-29927-Testing | POC Details |
| 32 | None | https://github.com/0xPThree/next.js_cve-2025-29927 | POC Details |
| 33 | None | https://github.com/0xcucumbersalad/cve-2025-29927 | POC Details |
| 34 | script to check cve "CVE-2025-29927" while waiting to add it to HExHTTP | https://github.com/c0dejump/CVE-2025-29927-check | POC Details |
| 35 | None | https://github.com/maronnjapan/claude-create-CVE-2025-29927 | POC Details |
| 36 | This repository contains a proof of concept (POC) and an exploit script for CVE-2025-29927, a critical vulnerability in Next.js that allows attackers to bypass authorization checks implemented in middleware. | https://github.com/kOaDT/poc-cve-2025-29927 | POC Details |
| 37 | None | https://github.com/yugo-eliatrope/test-cve-2025-29927 | POC Details |
| 38 | A touch of security | https://github.com/Slvignesh05/CVE-2025-29927 | POC Details |
| 39 | Next.js Acceso no autorizado CVE-2025-29927 | https://github.com/aleongx/CVE-2025-29927 | POC Details |
| 40 | A demo of the CVE-2025-29927 vulnerability for a NebraskaJS lightning talk | https://github.com/nicknisi/next-attack | POC Details |
| 41 | Next.js CVE-2025-29927 Vulnerability Scanner | https://github.com/jmbowes/NextSecureScan | POC Details |
| 42 | Este script verifica la vulnerabilidad CVE-2025-29927 en servidores Next.js, probando múltiples cargas en la cabecera x-middleware-subrequest para detectar accesos no autorizados. | https://github.com/aleongx/CVE-2025-29927_Scanner | POC Details |
| 43 | how to hack 90% of next.js created websites with CVE-2025-29927 vulnerability exploit | https://github.com/Nekicj/CVE-2025-29927-exploit | POC Details |
| 44 | None | https://github.com/Heimd411/CVE-2025-29927-PoC | POC Details |
| 45 | None | https://github.com/m2hcz/m2hcz-Next.js-security-flaw-CVE-2025-29927---PoC-exploit | POC Details |
| 46 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/KaztoRay/CVE-2025-29927-Research | POC Details |
| 47 | python script for evaluate if you are vulnerable or not to next.js CVE-2025-29927 | https://github.com/nocomp/CVE-2025-29927-scanner | POC Details |
| 48 | This repository is for educational and research purposes. | https://github.com/yuzu-juice/CVE-2025-29927_demo | POC Details |
| 49 | CVE-2025-29927: Next.js Middleware Exploit | https://github.com/0x0Luk/0xMiddleware | POC Details |
| 50 | NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js | https://github.com/AnonKryptiQuz/NextSploit | POC Details |
| 51 | Here is a simple but effective exploit for CVE-2025-29927. | https://github.com/w2hcorp/CVE-2025-29927-PoC | POC Details |
| 52 | This script scans a list of URLs to detect if they are using **Next.js** and determines whether they are vulnerable to **CVE-2025-29927**. It optionally attempts exploitation using a wordlist. | https://github.com/ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927 | POC Details |
| 53 | Next.js CVE-2025-29927 demonstration | https://github.com/dante01yoon/CVE-2025-29927 | POC Details |
| 54 | Next.js Auth Bypass Lab ‐ CVE-2025-29927 | https://github.com/ayato-shitomi/WebLab_CVE-2025-29927 | POC Details |
| 55 | None | https://github.com/Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927 | POC Details |
| 56 | Next.js Middleware Bypass Vulnerability | https://github.com/alastair66/CVE-2025-29927 | POC Details |
| 57 | Next.js CVE-2025-29927 güvenlik açığı hakkında | https://github.com/BilalGns/CVE-2025-29927 | POC Details |
| 58 | None | https://github.com/nyctophile0969/CVE-2025-29927 | POC Details |
| 59 | A basic proof of concept of the CVE-2025-29927 vulnerability that allows to bypass the middleware scripts. | https://github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927 | POC Details |
| 60 | Next.js and the corrupt middleware...TRY TO HACK IT..! | https://github.com/Gokul-Krishnan-V-R/cve-2025-29927 | POC Details |
| 61 | Next.js Middleware Authorization Bypass Tool (CVE-2025-29927) | https://github.com/fahimalshihab/NextBypass | POC Details |
| 62 | None | https://github.com/sn1p3rt3s7/NextJS_CVE-2025-29927 | POC Details |
| 63 | CVE-2025-29927 is a critical vulnerability in Next.js, a popular React-based web framework. The flaw exists in how the middleware feature handles certain internal headers — specifically, the x-middleware-subrequest header | https://github.com/Balajih4kr/cve-2025-29927 | POC Details |
| 64 | vulnerable-nextjs-14-CVE-2025-29927 | https://github.com/YEONDG/nextjs-cve-2025-29927 | POC Details |
| 65 | Next.js Middleware Bypass Scanne | https://github.com/gotr00t0day/CVE-2025-29927 | POC Details |
| 66 | CVE-2025-29927 | https://github.com/pixilated730/NextJS-Exploit- | POC Details |
| 67 | CVE-2025-29927 ~ a poc of the next.js middleware authentication bypass | https://github.com/ValGrace/middleware-auth-bypass | POC Details |
| 68 | None | https://github.com/goncalocsousa1/CVE-2025-29927 | POC Details |
| 69 | None | https://github.com/pickovven/vulnerable-nextjs-14-CVE-2025-29927 | POC Details |
| 70 | Research on Next.js middleware vulnerability (CVE-2025-29927) allowing authorization bypass and potential exploits. | https://github.com/l1uk/nextjs-middleware-exploit | POC Details |
| 71 | Next.js CVE-2025-29927 Hunter | https://github.com/darklotuskdb/nextjs-CVE-2025-29927-hunter | POC Details |
| 72 | Next.js contains a critical middleware bypass vulnerability affecting versions 11.1.4 through 15.2.2. The vulnerability allows attackers to bypass middleware security controls by sending a specially crafted 'x-middleware-subrequest' header, which can lead to authorization bypass and other security control circumvention. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-29927.yaml | POC Details |
| 73 | A critical vulnerability in Next.js middleware allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest header. This flaw affects Next.js versions prior to 14.2.25 and 15.2.3, potentially granting unauthorized access to sensitive resources. | https://github.com/projectdiscovery/nuclei-templates/blob/main/headless/cves/2025/CVE-2025-29927-HEADLESS.yaml | POC Details |
| 74 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Next.js%20%E4%B8%AD%E9%97%B4%E4%BB%B6%E9%89%B4%E6%9D%83%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2025-29927.md | POC Details |
| 75 | https://github.com/vulhub/vulhub/blob/master/next.js/CVE-2025-29927/README.md | POC Details | |
| 76 | POC CVE-2025-29927 | https://github.com/ethanol1310/POC-CVE-2025-29927- | POC Details |
| 77 | Exploit for CVE-2025-29927 (Next.js) - Authorization Bypass | https://github.com/UNICORDev/exploit-CVE-2025-29927 | POC Details |
| 78 | Simulates CVE-2025-29927, a critical Next.js vulnerability allowing attackers to bypass middleware authorization by exploiting the internal x-middleware-subrequest HTTP header. Demonstrates unauthorized access to protected routes and provides mitigation strategies. | https://github.com/Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation | POC Details |
| 79 | None | https://github.com/mhamzakhattak/CVE-2025-29927 | POC Details |
| 80 | New nuclei CVE | https://github.com/emadshanab/CVE-2025-29927 | POC Details |
| 81 | A touch of security | https://github.com/bitdotioinc/CVE-2025-29927 | POC Details |
| 82 | > 🔓 Proof-of-Concept for a fictional Next.js middleware bypass (CVE-2025-29927) — craft sub-requests to test protected routes. | https://github.com/m2hcz/PoC-for-Next.js-Middleware | POC Details |
| 83 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/AventurineJun/CVE-2025-29927-Research | POC Details |
| 84 | CVE-2025-29927: Next.js Middleware Exploit | https://github.com/luq0x/0xMiddleware | POC Details |
| 85 | None | https://github.com/0xnxt1me/CVE-2025-29927 | POC Details |
| 86 | None | https://github.com/enochgitgamefied/NextJS-CVE-2025-29927 | POC Details |
| 87 | None | https://github.com/Grand-Moomin/Vuln-Next.js-CVE-2025-29927 | POC Details |
| 88 | None | https://github.com/pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927- | POC Details |
| 89 | CVE-2025-29927: Next.js Middleware Bypass Vulnerability | https://github.com/kh4sh3i/CVE-2025-29927 | POC Details |
| 90 | Next.js middleware bypass exploit | https://github.com/EQSTLab/CVE-2025-29927 | POC Details |
| 91 | Next js middlewareauth Bypass | https://github.com/Hirainsingadia/CVE-2025-29927 | POC Details |
| 92 | CVE-2025-29927 | https://github.com/hed1ad/CVE-2025-29927 | POC Details |
| 93 | This is a CVE-2025-29927 Scanner. | https://github.com/HoumanPashaei/CVE-2025-29927 | POC Details |
| 94 | None | https://github.com/rubbxalc/CVE-2025-29927 | POC Details |
| 95 | None | https://github.com/olimpiofreitas/CVE-2025-29927_scanner | POC Details |
| 96 | Next.js Auth Bypass PoC Edge Runtime Env Leak via Middleware Bug | https://github.com/moften/CVE-2025-29927 | POC Details |
| 97 | x-middleware exploit for next.js CVE-2023–46298 cache poisoning and CVE-2025-29927 bypass | https://github.com/EarthAngel666/x-middleware-exploit | POC Details |
| 98 | None | https://github.com/enochgitgamefied/NextJS-CVE-2025-29927-Docker-Lab | POC Details |
| 99 | 🔐 Python-based smart scanner for CVE-2025-29927 — Next.js middleware authentication bypass vulnerability. Detects meta refresh, keyword-based redirects, and more. | https://github.com/sagsooz/CVE-2025-29927 | POC Details |
| 100 | vulnerable-nextjs-14-CVE-2025-29927 | https://github.com/SugiB3o/vulnerable-nextjs-14-CVE-2025-29927 | POC Details |
| 101 | CVE-2025-29927 | https://github.com/B1ack4sh/Blackash-CVE-2025-29927 | POC Details |
| 102 | None | https://github.com/amitlttwo/Next.JS-CVE-2025-29927 | POC Details |
| 103 | None | https://github.com/KamalideenAK/poc-cve-2025-29927 | POC Details |
| 104 | CVE-2025-29927 PoC | Auth Bypass Exploit | Python Tool using httpx | Middleware Vulnerability | Ethical Hacking Toolkit | https://github.com/mickhacking/Thank-u-Next | POC Details |
| 105 | CVE‑2025‑29927 is a critical vulnerability (CVSS 9.1) in Next.js that allows attackers to bypass middleware‑based security checks. | https://github.com/Kamal-Hegazi/CVE-2025-29927-Next.js-Middleware-Authorization-Bypass | POC Details |
| 106 | Authorization Bypass in Next.js Middleware | https://github.com/dedibagus/cve-2025-29927-poc | POC Details |
| 107 | None | https://github.com/olimpiofreitas/CVE-2025-29927-scanner | POC Details |
| 108 | The POC for m6.fr website | https://github.com/sahbaazansari/CVE-2025-29927 | POC Details |
| 109 | A touch of security | https://github.com/newweshi/CVE-2025-29927 | POC Details |
| 110 | → poc for CVE-2025-29927 | https://github.com/b4sh0xf/PoC-CVE-2025-29927 | POC Details |
| 111 | 🔓 Next.js Auth Bypass Demo - Educational application demonstrating CVE-2025-29927 middleware authentication bypass vulnerability . ⚠️ For educational use only. | https://github.com/aayush256-sys/next-js-auth-bypass | POC Details |
| 112 | None | https://github.com/rgvillanueva28/vulnbox-easy-CVE-2025-29927 | POC Details |
| 113 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/Haruaventure/CVE-2025-29927-Research | POC Details |
| 114 | None | https://github.com/R3verseIN/Nextjs-middleware-vulnerable-appdemo-CVE-2025-29927 | POC Details |
| 115 | PoC | NextJS Middleware 15.2.2 - Authorization Bypass | https://github.com/zs1n/CVE-2025-29927 | POC Details |
| 116 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/AventurineJ/CVE-2025-29927-Research | POC Details |
| 117 | This repository contains **research and analysis** related to CVE-2025-29927. It demonstrates safe, controlled testing approaches for a path traversal/middleware misconfiguration vulnerability in web applications. | https://github.com/MKIRAHMET/CVE-2025-29927-PoC | POC Details |
| 118 | do not use. vulnerable | https://github.com/adjscent/vulnerable-nextjs-14-CVE-2025-29927 | POC Details |
| 119 | None | https://github.com/sdrtba/CVE-2025-29927 | POC Details |
| 120 | None | https://github.com/JOOJIII/CVE-2025-29927 | POC Details |
| 121 | None | https://github.com/iteride/CVE-2025-29927 | POC Details |
| 122 | CVE-2025-29927 | https://github.com/sermikr0/nextjs-middleware-auth-bypass | POC Details |
| 123 | Next.js middleware auth-bypass lab (CVE-2025-29927 simulation) | https://github.com/amalpvatayam67/day10-nextjs-middleware-lab | POC Details |
| 124 | CVE‑2025‑29927 is a critical vulnerability (CVSS 9.1) in Next.js that allows attackers to bypass middleware‑based security checks. | https://github.com/0xh3g4z1/CVE-2025-29927-Next.js-Middleware-Authorization-Bypass | POC Details |
| 125 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/Viperazor/CVE-2025-29927-Research | POC Details |
| 126 | None | https://github.com/kuyrathdaro/cve-2025-29927 | POC Details |
| 127 | Simple script to attempt a Bypass on a server possibly vulnerable to CVE-2025-29927 (Next.js Middleware) | https://github.com/diogolourencodev/middleforce | POC Details |
| 128 | Reproduction and fix of the CVE-2025-29927 vulnerability. | https://github.com/Bongni/CVE-2025-29927 | POC Details |
| 129 | Next.js Auth Bypass PoC Edge Runtime Env Leak via Middleware Bug | https://github.com/moften/CVE-2025-29927_Next.js_Auth_Bypass | POC Details |
| 130 | Una CTF, in formato DSP-compliant, basata sulla CVE-2025-29927 di nextjs. | https://github.com/NS-Projects-Unina/CTF_CVE_DSP_1 | POC Details |
| 131 | None | https://github.com/lucaschanzx/CVE-2025-29927-PoC | POC Details |
| 132 | None | https://github.com/BugHawak/CVE-2025-29927 | POC Details |
| 133 | 🔓 Next.js Auth Bypass Demo - Educational application demonstrating CVE-2025-29927 middleware authentication bypass vulnerability . ⚠️ For educational use only.[Made using Ai] | https://github.com/kazuya256/next-js-auth-bypass | POC Details |
| 134 | Ghost Route detects if a Next JS site is vulnerable to the corrupt middleware bypass bug (CVE-2025-29927) | https://github.com/phoscoder/ghost-route | POC Details |
| 135 | CVE-2025-29927 | https://github.com/Ashwesker/Blackash-CVE-2025-29927 | POC Details |
| 136 | PoC for testing CVE-2025-29927 for Next.js versions 11.x, 12.x <= 12.3.5, 13.x <= 13.5.9, 14.x <=14.2.25, 15.x <= 15.2.3 | https://github.com/liamromanis101/CVE-2025-29927-NextJS | POC Details |
| 137 | None | https://github.com/radzek15/CVE-2025-29927-Next.js-middleware | POC Details |
| 138 | A touch of security | https://github.com/w3shinew/CVE-2025-29927 | POC Details |
| 139 | CVE-2025-29927 | https://github.com/Ashwesker/Ashwesker-CVE-2025-29927 | POC Details |
| 140 | Interactive cybersecurity threat intelligence dashboard with 5 critical vulnerabilities, CVSS scoring, exploitation analysis, and bug bounty hunting guides (TE.0, CVE-2025-29927, Shadow AI, Kimwolf, LastPass) | https://github.com/N3k0t-dev/bughunter-cyber-intel-dashboard | POC Details |
| 141 | Next.js CVE-2025-29927 güvenlik açığı hakkında | https://github.com/0xb1lal/CVE-2025-29927 | POC Details |
| 142 | 演示 Next.js 中的 Middleware 授權繞過漏洞 (CVE-2025-29927) 允許未經授權的用戶存取受保護的資訊。 | https://github.com/lstudlo/nextjs-cve-demo | POC Details |
| 143 | A Proof of Concept for CVE-2025-29927 demonstrating a middleware bypass in Next.js versions prior to 13.5.9 | https://github.com/DanielHallbro/CVE-2025-29927-Nextjs-Bypass-PoC | POC Details |
| 144 | Capture the Flag challenge: CVE-2025-29927 in combination with a command injection vulnerability | https://github.com/Si-Ni/CVE-2025-29927-Proof-of-Concept | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-29927
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: next.js
- CVE-2026-29057
Next.js: HTTP request smuggling in rewrites - CVE-2026-27980
Next.js: Unbounded next/image disk cache growth can exhaust - CVE-2026-27979
Next.js: Unbounded postponed resume buffering can lead to Do - CVE-2026-27978
Next.js: null origin can bypass Server Actions CSRF checks - CVE-2026-27977
Next.js: null origin can bypass dev HMR websocket CSRF check
Same vendor: vercel
- CVE-2026-29057
Next.js: HTTP request smuggling in rewrites - CVE-2026-27980
Next.js: Unbounded next/image disk cache growth can exhaust - CVE-2026-27979
Next.js: Unbounded postponed resume buffering can lead to Do - CVE-2026-27978
Next.js: null origin can bypass Server Actions CSRF checks - CVE-2026-27977
Next.js: null origin can bypass dev HMR websocket CSRF check
Same weakness: CWE-285
- CVE-2026-8241
Industrial Application Software IAS Canias ERP RMI iasGetSer - CVE-2026-42202
nova-toggle-5: Improper authorization on toggle endpoint all - CVE-2026-33823
Microsoft Team Events Portal Information Disclosure Vulnerab - CVE-2026-41572
Note Mark: Unauthenticated read of notes and assets in soft- - CVE-2026-7713
crocodilestick Calibre-Web-Automated Kobo auth-token Route k
V. Comments for CVE-2025-29927
No comments yet