Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-29927 PoC — Authorization Bypass in Next.js Middleware

Source
https://github.com/lediusa/CVE-2025-29927
Associated Vulnerability
Title:Authorization Bypass in Next.js Middleware (CVE-2025-29927)
Description:Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Description
New nuclei CVE
Readme
# CVE-2025-29927 - Next.js Middleware Authentication Bypass (Advanced Bypass)

## 🔥 Overview
An **advanced PoC** for **CVE-2025-29927**, allowing authentication bypass in **Next.js Middleware** by manipulating specific headers.  
This template enhances **WAF evasion** and **security bypass** techniques.

## 🚀 Features
✅ **Multi-Request & HTTP Method Variation** → Uses `GET`, `POST` to maximize detection.  
✅ **WAF Evasion** → Includes `X-Forwarded-For`, `X-Original-URL`, `X-Rewrite-URL`, and more.  
✅ **Randomized Query Parameters** → Prevents caching issues and improves bypass reliability.  
✅ **Multiple Response Matching** → Detects `200 OK`, `Next.js` headers, and sensitive content.  

## 🛠️ Usage
1️⃣ **Install** → `go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest`  
2️⃣ **Template** → `git clone https://github.com/lediusa/CVE-2025-29927.git`  
3️⃣ **Run Scan** → `nuclei -t CVE-2025-29927.yaml -u http://target.com`  

📌 **Note:** This template is for **security research & authorized testing only.**
File Snapshot

 [4.0K]  /data/pocs/ff3d4909bc998f48bb40d3bf09822a18a5326ad2
├── [2.8K]  CVE-2025-29927.yaml
└── [1.1K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →