## https://sploitus.com/exploit?id=71123042-4CD6-5D14-B793-51D57884B070
# CVE-2025-29927: Next.js Middleware Bypass Vulnerability PoC (exploit code)
This repository contains proof-of-concept exploit code for CVE-2025-29927, a vulnerability in Next.js in which the internal header `x-middleware-subrequest` can be used to bypass middleware checks such as authentication.

## Affected Versions

- Next.js 15.x < 15.2.3
- Next.js 14.x < 14.2.25
- Next.js 13.x < 13.5.9

## Steps to Reproduce

1. Clone the repository:
   ```bash
   git clone https://github.com/alihussainzada/CVE-2025-29927-PoC.git
   ```
2. Navigate to the project folder:
   ```bash
   cd CVE-2025-29927-PoC
   ```
4. Run the exploit code:
   ```bash
   python3 poc.py http://vulnerable.app
   ```
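
For triage on the defensive side, the following added example (not part of the PoC repository) checks a Next.js version string against the affected ranges listed above and removes the internal header from a client-supplied header map, reporting whether it was present. The function names and the sample request are assumptions made for illustration; stripping the header at the edge is a stopgap for deployments that cannot upgrade yet.

```javascript
// Added example, not code from the PoC repository.
// Fixed releases per release line, taken from "Affected Versions" on this page.
const AFFECTED = [
  { major: 15, fixed: [15, 2, 3] },
  { major: 14, fixed: [14, 2, 25] },
  { major: 13, fixed: [13, 5, 9] },
];
const INTERNAL_HEADER = "x-middleware-subrequest";

// Parse "15.2.1", "v14.2.24" or "^13.5.6" into [major, minor, patch].
// Returns null if unparseable; pre-release tags are ignored.
function parseVersion(v) {
  const m = /^[\^~v=\s]*(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// true  = below the fixed release of a listed line (affected)
// false = at or above the fixed release of a listed line
// null  = unparseable, or a release line this page does not list
function isAffected(version) {
  const parsed = parseVersion(version);
  if (!parsed) return null;
  const range = AFFECTED.find((r) => r.major === parsed[0]);
  if (!range) return null;
  for (let i = 0; i < 3; i++) {
    if (parsed[i] !== range.fixed[i]) return parsed[i] < range.fixed[i];
  }
  return false; // exactly the fixed release
}

// Drop the internal header from a client-supplied header map (case-insensitive)
// and report whether it was present, so the edge can log or reject the request.
function sanitizeInboundHeaders(headers) {
  const clean = {};
  let flagged = false;
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === INTERNAL_HEADER) flagged = true;
    else clean[name] = value;
  }
  return { headers: clean, flagged };
}

// Constructed sample request headers (hypothetical host and placeholder value).
const sample = { Host: "app.example", "X-Middleware-Subrequest": "placeholder", Accept: "*/*" };
console.log(isAffected("15.2.1"), sanitizeInboundHeaders(sample));
```

A `flagged` result on traffic arriving from outside is worth logging: clients have no legitimate reason to send this header.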