CVE-2025-29927 PoC — Authorization Bypass in Next.js Middleware

Source

https://github.com/lem0n817/CVE-2025-29927

Associated Vulnerability

Title:Authorization Bypass in Next.js Middleware (CVE-2025-29927)
Description:Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

Readme

# Next.js 中间件授权绕过漏洞测试环境 (CVE-2025-29927)

[English version](https://github.com/lem0n817/CVE-2025-29927/blob/main/README-EN.md)

## 📌 项目概述

本仓库提供了一个用于测试 Next.js 中间件授权绕过漏洞 (CVE-2025-29927) 的本地环境。该漏洞允许攻击者通过构造特殊的 `x-middleware-subrequest` 请求头绕过中间件的安全控制。

## 🚀 快速开始

### 安装步骤

```
# 克隆仓库
git clone https://github.com/lem0n817/CVE-2025-29927.git
cd CVE-2025-29927

# 安装依赖
npm install
```

### 启动环境

```
npm run build
npm run start
```

应用将运行在 [http://localhost:3000](http://localhost:3000/)

## ⚠️ 免责声明

此项目仅用于:

- 安全研究
- 漏洞教育
- 防御方案测试

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →