CVE-2025-29927

Authorization Bypass in Next.js Middleware

Basic Information

CVE State
PUBLISHED
Reserved Date
March 12, 2025
Published Date
March 21, 2025
Last Updated
April 08, 2025
Vendor
vercel
Product
next.js
Description
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application (i.e. strip or reject the header at the reverse proxy, load balancer or WAF in front of the app, not in the middleware that is itself being bypassed). This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

9.1 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
total

Exploit Status

Proof of Concept Available
Yes (added 2025-03-28 02:31:58 UTC)

Known Exploited Vulnerability Information

Source
The Shadowserver (via CIRCL)
Added Date
2025-12-15 14:29:13 UTC

Scanner Integrations

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

EQSTLab/CVE-2025-29927

Type: github • Created: 2025-04-25 08:51:52 UTC • Stars: 0

Next.js middleware bypass exploit

kh4sh3i/CVE-2025-29927

Type: github • Created: 2025-04-23 08:19:58 UTC • Stars: 0

CVE-2025-29927: Next.js Middleware Bypass Vulnerability

pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927-

Type: github • Created: 2025-04-21 12:50:09 UTC • Stars: 1

Grand-Moomin/Vuln-Next.js-CVE-2025-29927

Type: github • Created: 2025-04-18 00:47:47 UTC • Stars: 0

enochgitgamefied/NextJS-CVE-2025-29927

Type: github • Created: 2025-04-16 22:39:55 UTC • Stars: 0

mhamzakhattak/CVE-2025-29927

Type: github • Created: 2025-04-16 10:28:16 UTC • Stars: 0

Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation

Type: github • Created: 2025-04-16 07:33:54 UTC • Stars: 0

Simulates CVE-2025-29927, a critical Next.js vulnerability allowing attackers to bypass middleware authorization by exploiting the internal x-middleware-subrequest HTTP header. Demonstrates unauthorized access to protected routes and provides mitigation strategies.

UNICORDev/exploit-CVE-2025-29927

Type: github • Created: 2025-04-14 15:12:13 UTC • Stars: 3

Exploit for CVE-2025-29927 (Next.js) - Authorization Bypass

ethanol1310/POC-CVE-2025-29927-

Type: github • Created: 2025-04-13 08:23:11 UTC • Stars: 0

POC CVE-2025-29927

darklotuskdb/nextjs-CVE-2025-29927-hunter

Type: github • Created: 2025-04-11 20:42:09 UTC • Stars: 1

Next.js CVE-2025-29927 Hunter

pickovven/vulnerable-nextjs-14-CVE-2025-29927

Type: github • Created: 2025-04-08 23:25:24 UTC • Stars: 0

goncalocsousa1/CVE-2025-29927

Type: github • Created: 2025-04-08 09:29:48 UTC • Stars: 1

gotr00t0day/CVE-2025-29927

Type: github • Created: 2025-04-06 20:59:10 UTC • Stars: 2

Next.js Middleware Bypass Scanner

sn1p3rt3s7/NextJS_CVE-2025-29927

Type: github • Created: 2025-04-04 12:50:43 UTC • Stars: 0

Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927

Type: github • Created: 2025-04-02 05:19:35 UTC • Stars: 0

A basic proof of concept of the CVE-2025-29927 vulnerability that allows bypassing the middleware scripts.

nyctophile0969/CVE-2025-29927

Type: github • Created: 2025-04-01 19:23:52 UTC • Stars: 0

BilalGns/CVE-2025-29927

Type: github • Created: 2025-04-01 19:11:30 UTC • Stars: 0

About the Next.js CVE-2025-29927 vulnerability

alastair66/CVE-2025-29927

Type: github • Created: 2025-04-01 15:30:21 UTC • Stars: 0

Next.js Middleware Bypass Vulnerability

Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927

Type: github • Created: 2025-03-30 12:24:15 UTC • Stars: 1

ayato-shitomi/WebLab_CVE-2025-29927

Type: github • Created: 2025-03-30 03:52:42 UTC • Stars: 0

Next.js Auth Bypass Lab ‐ CVE-2025-29927

dante01yoon/CVE-2025-29927

Type: github • Created: 2025-03-29 08:49:38 UTC • Stars: 0

Next.js CVE-2025-29927 demonstration

ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927

Type: github • Created: 2025-03-29 04:13:06 UTC • Stars: 1

This script scans a list of URLs to detect if they are using **Next.js** and determines whether they are vulnerable to **CVE-2025-29927**. It optionally attempts exploitation using a wordlist.

w2hcorp/CVE-2025-29927-PoC

Type: github • Created: 2025-03-29 02:12:22 UTC • Stars: 1

Here is a simple but effective exploit for CVE-2025-29927.

yuzu-juice/CVE-2025-29927_demo

Type: github • Created: 2025-03-28 02:31:58 UTC • Stars: 0

This repository is for educational and research purposes.

nocomp/CVE-2025-29927-scanner

Type: github • Created: 2025-03-27 14:11:09 UTC • Stars: 0

Python script to evaluate whether or not you are vulnerable to Next.js CVE-2025-29927

KaztoRay/CVE-2025-29927-Research

Type: github • Created: 2025-03-27 12:50:38 UTC • Stars: 8

Explanation of and research on CVE-2025-29927

m2hcz/m2hcz-Next.js-security-flaw-CVE-2025-29927---PoC-exploit

Type: github • Created: 2025-03-27 11:48:35 UTC • Stars: 0

Heimd411/CVE-2025-29927-PoC

Type: github • Created: 2025-03-27 10:06:07 UTC • Stars: 0

Nekicj/CVE-2025-29927-exploit

Type: github • Created: 2025-03-27 08:42:03 UTC • Stars: 1

next.js CVE-2025-29927 vulnerability exploit

aleongx/CVE-2025-29927_Scanner

Type: github • Created: 2025-03-27 07:41:26 UTC • Stars: 0

This script checks for the CVE-2025-29927 vulnerability on Next.js servers, trying multiple payloads in the x-middleware-subrequest header to detect unauthorized access.

aleongx/CVE-2025-29927

Type: github • Created: 2025-03-26 19:08:14 UTC • Stars: 0

Next.js unauthorized access CVE-2025-29927

w3shinew/CVE-2025-29927

Type: github • Created: 2025-03-26 16:24:15 UTC • Stars: 0

A touch of security

Slvignesh05/CVE-2025-29927

Type: github • Created: 2025-03-26 16:24:15 UTC • Stars: 0

A touch of security

emadshanab/CVE-2025-29927

Type: github • Created: 2025-03-26 07:56:23 UTC • Stars: 0

New nuclei CVE

maronnjapan/claude-create-CVE-2025-29927

Type: github • Created: 2025-03-25 22:36:14 UTC • Stars: 0

c0dejump/CVE-2025-29927-check

Type: github • Created: 2025-03-25 18:02:18 UTC • Stars: 3

script to check cve "CVE-2025-29927" while waiting to add it to HExHTTP

TheresAFewConors/CVE-2025-29927-Testing

Type: github • Created: 2025-03-25 11:39:14 UTC • Stars: 0

PowerShell script to test if a web app is vulnerable to CVE-2025-29927

alihussainzada/CVE-2025-29927-PoC

Type: github • Created: 2025-03-25 10:30:55 UTC • Stars: 0

PoC for CVE-2025-29927: Next.js Middleware Bypass Vulnerability. Demonstrates how x-middleware-subrequest can bypass authentication checks. Includes Docker setup for testing.

0xPb1/Next.js-CVE-2025-29927

Type: github • Created: 2025-03-25 07:15:36 UTC • Stars: 0

furmak331/CVE-2025-29927

Type: github • Created: 2025-03-25 02:20:36 UTC • Stars: 0

Critical vulnerability in next.js : Bypass middleware authentication

elshaheedy/CVE-2025-29927-Sigma-Rule

Type: github • Created: 2025-03-24 23:13:43 UTC • Stars: 0

Sigma Rule for CVE-2025–29927 Detection

0xWhoknows/CVE-2025-29927

Type: github • Created: 2025-03-24 19:18:20 UTC • Stars: 3

Async Python scanner for Next.js CVE-2025-29927. Uses aiohttp & aiofiles to efficiently process large URL lists, detect vulnerabilities, and save results. Features connection pooling, caching, and chunked processing for fast performance

ricsirigu/CVE-2025-29927

Type: github • Created: 2025-03-24 19:13:35 UTC • Stars: 0

A deliberately vulnerable Next.js app, vulnerable to CVE-2025-29927, Authorization Bypass

kuzushiki/CVE-2025-29927-test

Type: github • Created: 2025-03-24 16:27:17 UTC • Stars: 1

Verification of CVE-2025-29927

lem0n817/CVE-2025-29927

Type: github • Created: 2025-03-24 15:25:22 UTC • Stars: 1

Oyst3r1ng/CVE-2025-29927

Type: github • Created: 2025-03-24 13:27:13 UTC • Stars: 2

Next.js Middleware Auth Bypass

arvion-agent/next-CVE-2025-29927

Type: github • Created: 2025-03-24 13:23:46 UTC • Stars: 2

CVE-2025-29927 Authorization Bypass in Next.js Middleware

Eve-SatOrU/POC-CVE-2025-29927

Type: github • Created: 2025-03-24 11:42:14 UTC • Stars: 3

CVE-2025-29927 Proof of Concept

iSee857/CVE-2025-29927

Type: github • Created: 2025-03-24 09:27:03 UTC • Stars: 0

Next.js authorization bypass vulnerability (CVE-2025-29927)

RoyCampos/CVE-2025-29927

Type: github • Created: 2025-03-24 05:07:02 UTC • Stars: 4

CVE-2025-29927 Exploit Checker

MuhammadWaseem29/CVE-2025-29927-POC

Type: github • Created: 2025-03-23 21:42:09 UTC • Stars: 9

Authorization Bypass in Next.js Middleware

websecnl/CVE-2025-29927-PoC-Exploit

Type: github • Created: 2025-03-23 19:41:05 UTC • Stars: 8

Proof-of-Concept for Authorization Bypass in Next.js Middleware

ticofookfook/poc-nextjs-CVE-2025-29927

Type: github • Created: 2025-03-23 16:04:50 UTC • Stars: 0

aydinnyunus/CVE-2025-29927

Type: github • Created: 2025-03-23 12:13:35 UTC • Stars: 70

CVE-2025-29927 Proof of Concept

lirantal/vulnerable-nextjs-14-CVE-2025-29927

Type: github • Created: 2025-03-23 09:22:35 UTC • Stars: 4

6mile/nextjs-CVE-2025-29927

Type: github • Created: 2025-03-23 08:11:09 UTC • Stars: 12

A Nuclei template to detect CVE-2025-29927 the Next.js authentication bypass vulnerability

Ademking/CVE-2025-29927

Type: github • Created: 2025-03-22 18:42:27 UTC • Stars: 5

Next.js Middleware Authorization Bypass

Timeline

  • CVE ID Reserved (2025-03-12)

  • CVE Published to Public (2025-03-21)

  • Proof of Concept Exploit Available (2025-03-28)

  • Detected by Nuclei

  • Added to KEVIntel (2025-12-15)