Exploit for CVE-2025-29927

## https://sploitus.com/exploit?id=892163F7-F7FF-5696-9753-7825CE6187BE
Here's a clean and informative `README.md` for your GitHub repo that explains it's a vulnerable Next.js application for CVE-2025-29927 and includes a link to your setup YouTube video:

---

# 🔓 NextJS-CVE-2025-29927 - Vulnerable Demo Application

This is a vulnerable **Next.js application** that demonstrates **CVE-2025-29927**, a security flaw identified in web applications using Next.js with improper input handling or access control flaws.

The project uses a **MySQL** backend and JWT Authenticaion and is designed for **educational and testing purposes** only — such as for penetration testing labs, responsible disclosure demos, and security research.

The passwords for the test accounts on users.csv is "123456" and secret key for JWT Authenticaion "JWT_SECRET" is added to the file ".env.local" and has been shared on this public repo on purpose and is not JWT token been used in production. This is simplify the deployment and testing.

You can also replace the secret key for the JWT with the one you generated but the .env file should exist for the JWT authenticaion to work.

> ⚠️ **Disclaimer**: This project is intentionally vulnerable. Do NOT deploy this in production environments. Use only in isolated or controlled setups for educational use.

---

## 📹 YouTube links on how to setup this project and 2nd is Demo on how it is exploited

1. Watch the full setup and demo guide on YouTube here how to setup this project:  
   ▶️ [https://www.youtube.com/watch?v=Akb3R34QnM8&t=482s]

   

2. Watch the full demo on YouTube here how the vulnerability is exploited:
  ▶️ [https://www.youtube.com/watch?v=3OPWodc2lx4]



---

## 🛠️ Tech Stack

- [Next.js](https://nextjs.org/)
- [MySQL](https://www.mysql.com/)
- RESTful API with insecure endpoints
- CVE-2025-29927 vulnerability demo

---

## 🚀 Getting Started

### Prerequisites

- Node.js (v18 or newer recommended)
- MySQL Server (Can use MySQL Workbench Community Edition which is free)
- Git

### 1. Clone the repository

```bash
git clone https://github.com/enochgitgamefied/NextJS-CVE-2025-29927.git
cd NextJS-CVE-2025-29927
```

### 2. Install dependencies

```bash
npm install
```

### 3. Configure the database

Create a MySQL database and update the connection details in:

```bash
/database/index.js
```
Simples setup would be to use the csv files shared on this repo to create the tables. The username accounts used all use the same password. The password is "123456". Watch the youtube video to get the full details and step by step instructions.

You can also use something like example below.
Example:
```js
const pool = mysql.createPool({
  host: 'localhost',
  user: 'root',
  password: 'yourpassword',
  database: 'cve_demo'
});
```

Then import the schema from `database/schema.sql` or run your own setup script.

### 4. Run the development server

```bash
npm run dev
```

Visit `http://localhost:3000` to view the app in your browser.

---

## 🐞 About the Vulnerability (CVE-2025-29927)

This application  contains NextJS middlware that acts as WAF(web application Firewall) and vulnerable version of next 13.4.9  that allows attackers to exploit vulnerabilities related to **authentication bypass**, **local file inclusion**, or **improper access control**. The goal is to help researchers understand how this CVE can be exploited and how to mitigate it.

---

## 📬 Blog Link

https://techtalkpine.com/2025/03/demo-for-cve-2025-29927-nextjs/


---

## 📄 License

This project is licensed under the [MIT License](LICENSE).

```

---