Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2025-29927 PoC — Authorization Bypass in Next.js Middleware

Source
https://github.com/amitlttwo/Next.JS-CVE-2025-29927
Associated Vulnerability
Title:Authorization Bypass in Next.js Middleware (CVE-2025-29927)
Description:Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Readme

# Next.js Vulnerability Scanner (CVE-2025-29927)

[![Go Report Card](https://goreportcard.com/badge/github.com/yourusername/nextjs-scanner)](https://goreportcard.com/report/github.com/yourusername/nextjs-scanner)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

A security tool to detect and verify Next.js applications vulnerable to CVE-2025-29927 (Authentication Bypass).

## Features

- 🎯 Accurate Next.js detection with multiple verification methods
- 🔍 Precise version comparison to identify vulnerable instances
- 🛡️ Exploit verification with zero false positives
- 🚀 High-performance concurrent scanning
- 📊 Multiple output formats (console, file)

## Installation

### Binary Releases

Download pre-built binaries from the [Releases page](https://github.com/yourusername/nextjs-scanner/releases).

### From Source

1. Ensure you have Go 1.20+ installed
2. Clone the repository:
   ```
   git clone https://github.com/yourusername/nextjs-scanner.git
   cd nextjs-scanner
 
  ```
File Snapshot

 [4.0K]  /data/pocs/b85611719ec71266ec36be6239294caadfab11f5
├── [ 14K]  nextjs-scanner.go
└── [1.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →