## https://sploitus.com/exploit?id=D3C669D4-E338-5ECD-9FE1-AF767DD58BFB
# Next.js Version Vulnerability Scanner by nocomp

## Overview

This Python script is a comprehensive tool for scanning multiple subdomains to detect Next.js versions and identify potential CVE-2025-29927 vulnerabilities. It provides a detailed analysis of web applications built with Next.js across different subdomains.
More info about the CVE: https://nextjs.org/blog/cve-2025-29927

## Features

- 🔍 Subdomain enumeration using multiple methods
- 🕵️ Next.js version detection
- 🚨 Vulnerability assessment for specific Next.js versions
- 📋 Detailed reporting with color-coded results
- 🌐 Supports multiple protocols and ports

## Prerequisites

Before using the script, ensure you have the following installed:

### System Dependencies
- Python 3.7+
- `subfinder` (for subdomain enumeration)
- `dig` (DNS lookup utility)
- `host` (DNS lookup utility)

### Python Dependencies
```bash
pip install requests termcolor
```

## Installation

1. Clone the repository:
```bash
git clone https://github.com/yourusername/nextjs-version-checker.git
cd nextjs-version-checker
```

2. Install Python dependencies:
```bash
pip install -r requirements.txt
```

## Usage

### Basic Scan
```bash
python next-js-version-checker.py -s example.com
```

### Command Line Arguments
- `-s` or `--subdomain`: (Required) The main domain to scan

## Output

The script provides multiple outputs:

1. Console Output
   - 🟢 Green: Secure Next.js version
   - 🔴 Red: Vulnerable Next.js version
   - 🟡 Yellow: No Next.js version detected

2. Generated Files
   - `example.com_subdomains.txt`: List of discovered subdomains
   - `example.com_nextjs_results.txt`: Detailed scan results

## Vulnerability Detection

The script checks for Next.js versions in these vulnerable ranges:
- `>11.1.4 <=13.5.6`
- `>14.0 <14.2.25`
- `>15.0 <15.2.3`
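
The range check described above, written out as an added example (not the script's own code): it parses an already-detected version string and tests it against the three ranges exactly as listed. The function names and the semver treatment of prereleases (a prerelease sorts before its release) are assumptions of this example.

```python
import re

# Ranges copied from the list above: (lower, lower_inclusive, upper, upper_inclusive)
LISTED_RANGES = [
    ((11, 1, 4), False, (13, 5, 6), True),    # >11.1.4 <=13.5.6
    ((14, 0, 0), False, (14, 2, 25), False),  # >14.0 <14.2.25
    ((15, 0, 0), False, (15, 2, 3), False),   # >15.0 <15.2.3
]

# Accepts "14.2.24", "v15.1.0", "12.3" and prerelease tags like "15.2.3-canary.1".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-([0-9A-Za-z.-]+))?$")


def parse_version(text):
    """Return ((major, minor, patch), prerelease_or_None), or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch or 0)), pre


def in_listed_range(text):
    """True/False if the version is inside/outside the listed ranges, None if unknown."""
    parsed = parse_version(text)
    if parsed is None:
        return None  # corresponds to the "no version detected" outcome
    core, pre = parsed
    for low, low_inc, high, high_inc in LISTED_RANGES:
        above = core > low or (low_inc and core == low)
        # Assumption (semver ordering): a prerelease of the upper-bound version,
        # e.g. 15.2.3-canary.1, sorts before 15.2.3 and is still below the bound.
        below = core < high or (core == high and (high_inc or pre is not None))
        if above and below:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs, not output from a real scan.
    for v in ["13.5.6", "14.2.24", "14.2.25", "15.2.3-canary.1", "11.1.4", "n/a"]:
        print(f"{v:>18} -> {in_listed_range(v)}")
```

With the strict lower bounds as written, 11.1.4, 14.0.0 and 15.0.0 themselves are not flagged; confirm the boundary behaviour against the advisory linked above before relying on a clean result.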

## Security Notes

โš ๏ธ Caution:
- The script bypasses SSL certificate verification
- Use only in controlled, authorized environments
- Always obtain proper permissions before scanning

## Troubleshooting

1. Ensure all dependencies are installed
2. Check network connectivity
3. Verify domain accessibility
4. Run with sudo/administrator privileges if needed

## Contributing

Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request

## License

Feel free to use it.

## Disclaimer

This tool is for educational and authorized security testing purposes only. Unauthorized scanning of systems is unethical and potentially illegal.