Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-29927 PoC — Authorization Bypass in Next.js Middleware

Source
https://github.com/fahimalshihab/NextBypass
Associated Vulnerability
Title:Authorization Bypass in Next.js Middleware (CVE-2025-29927)
Description:Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Description
Next.js Middleware Authorization Bypass Tool (CVE-2025-29927)
Readme
# NextBypass 🚨
**Next.js Middleware Authorization Bypass Tool (CVE-2025-29927)**

[![asciicast](https://asciinema.org/a/uyDuYrRBj2r8gqN1u6oDvsEVU.svg)](https://asciinema.org/a/uyDuYrRBj2r8gqN1u6oDvsEVU)
## Features
- Exploit CVE-2025-29927 via `x-middleware-subrequest` header  
- Auto-browser integration (Proxy/Bookmarklet)  
- Vulnerability scanning & log analysis  
- Network traffic monitoring  

## Installation
```bash
git clone https://github.com/your-username/NextBypass.git
cd NextBypass
chmod +x NextBypass
```

## Usage
```bash
./NextBypass  # Interactive menu
```

## Options
| Option | Description                          |
|--------|--------------------------------------|
| 1      | Terminal exploit                     |
| 2      | Browser exploit (Proxy/Bookmarklet)  |
| 3      | Vulnerability checker                |
| 4      | Scan logs for attacks                |
| 5      | Monitor network traffic (Root)       |

## Legal
- **Educational use only**  
- **Not responsible for misuse**  
- **Upgrade Next.js to patched versions**  

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
File Snapshot

 [4.0K]  /data/pocs/50449d61a692897166e2269dba9c74137fd03d57
├── [1.0K]  LICENSE
└── [1.1K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →