CVE-2025-29927# CVE-2025-29927 - Critical Security Vulnerability in Next.js
# Description
Next.js is a React framework for building full-stack web applications. Starting in version `1.11.4` and prior to versions `12.3.5`, `13.5.9`, `14.2.25`, and `15.2.3`, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in `12.3.5`, `13.5.9`, `14.2.25`, and `15.2.3`.
# Metrics
CNA: `GitHub`, Inc. Base Score: 9.1 CRITICAL ⚫
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
# Vulnerability Details
The vulnerability arises from the improper handling of the internal `x-middleware-subrequest` header. By crafting requests that include this header, an attacker can bypass middleware security checks, effectively skipping authentication and authorization mechanisms.
# Affected Versions
Next.js versions prior to `14.2.25` and `15.2.3` are vulnerable.
# How to use
```
git clone https://github.com/B1ack4sh/Blackash-CVE-2025-29927
cd CVE-2025-29927
python3 -m venv .venv
source .venv/bin/activate
python3 exploit.py -h
```
# Quick to use
```
git clone https://github.com/B1ack4sh/Blackash-CVE-2025-29927
cd CVE-2025-29927
python3 -m venv .venv
source .venv/bin/activate
python3 exploit.py --hostname HOSTNAME
```
# ⚠️ Note: Ensure that your Next.js applications are always updated to the latest stable versions to prevent security risks.
登录后查看神龙缓存的 POC 文件快照
登录查看