Exploit for CVE-2025-29927

## https://sploitus.com/exploit?id=1AA4DEC8-1277-51C2-A0C2-523557029ACA
# CVE-2025-29927
★ CVE-2025-29927 Next.js middleware bypass PoC ★



## Description
CVE-2025-29927 : Next.js middleware bypass PoC
description: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

## Lab setup
```
cd next15
docker build --tag nextjs .
docker run -p 3000:3000 -it --rm nextjs
```
![image](https://github.com/user-attachments/assets/32398f35-ec80-4551-9ada-bd5238d6b5c1)


## How to use

### Git clone
```
git clone https://github.com/EQSTLab/CVE-2025-29927.git
cd CVE-2025-29927
```
### Command
```sh
chmod +x poc.sh
./poc.sh
```
### Output
![image](https://github.com/user-attachments/assets/c922ac5b-a1da-464a-ba6c-8fc5c52f8f61)
![image](https://github.com/user-attachments/assets/06198ea3-9f9c-48fb-af9e-bfe2aeea92c3)