## https://sploitus.com/exploit?id=D48DC22C-E786-564F-A4C3-4B62809A03D3
CVE-2025-29927 Scanner
======================

This Python script identifies hosts vulnerable to CVE-2025-29927, an improper authorization vulnerability in the Next.js middleware that may allow authentication bypass. The script checks for Next.js usage, identifies the version, detects the x-middleware-subrequest header, and tests for potential authentication bypasses on specified routes.

WARNING: This script is for educational purposes and authorized security audits only. Unauthorized use on systems without explicit permission is illegal and unethical.

Features
--------
- Scans a list of hosts to detect Next.js usage.
- Identifies vulnerable Next.js versions (based on CVE-2025-29927).
- Tests authentication bypass on specified routes (via file or default).
- Supports parallel scanning with multiple threads.
- Automatically creates a routes.txt file with default routes if not provided.

Prerequisites
-------------
- Python 3.6 or higher
- Dependencies listed in requirements.txt

Installation
------------
1. Clone or download this repository:
   git clone <REPOSITORY_URL>
   cd cve-2025-29927-scanner

2. Create and activate a virtual environment (optional, but recommended):
   python -m venv venv
   source venv/bin/activate  # Linux/Mac
   venv\Scripts\activate     # Windows

3. Install the dependencies:
   pip install -r requirements.txt

Usage
-----

1. Prepare a hosts.txt file with a list of hosts (one per line). Example:
   example.com
   subdomain.example.com
   another-site.com

2. (Optional) Prepare a routes.txt file with routes to test (one per line). Example:
   api/auth
   dashboard
   admin
   If not provided, the script will automatically create a routes.txt with default routes.

3. Run the script:
   - Using default routes:
     python cve_2025_29927_scanner.py -f hosts.txt -t 10
   - Using a custom routes file:
     python cve_2025_29927_scanner.py -f hosts.txt -r custom_routes.txt -t 10

   Arguments:
   -f, --file: File with the list of hosts (required).
   -r, --routes: File with the list of routes (optional; uses routes.txt if not specified).
   -t, --threads: Maximum number of threads (default: 10).

4. Check the results in the terminal output.

Example Output
--------------
```
File routes.txt created with default routes.
Starting scan on 3 hosts with 3 routes...
Scan results:
------------------------------------------------------------
Host: https://example.com
Next.js detected: True
Version: 13.5.6
x-middleware-subrequest header: True
Vulnerable (version): True
Authentication bypass possible: True
Status: VULNERABLE
------------------------------------------------------------
```

Dependencies
------------
The dependencies are listed in requirements.txt:
- requests>=2.31.0
- urllib3>=1.26.18

Mitigation for CVE-2025-29927
-----------------------------
- Update Next.js to a non-affected version (see the official advisory: https://nextjs.org/docs/upgrading).
- Review middleware configuration to ensure robust authentication checks (see: https://nextjs.org/docs/middleware).
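
To apply the first mitigation step to your own deployments, the added example below (not part of this scanner or its repository) classifies resolved Next.js versions as affected or fixed. The version boundaries are taken from the public Next.js advisory for CVE-2025-29927 rather than from this README, and the function names and the sample inventory are constructed for illustration.

```python
import re

# Boundaries from the public Next.js advisory for CVE-2025-29927
# (an assumption of this example; the README does not list them).
FIRST_AFFECTED = (11, 1, 4)
FIRST_FIXED = {12: (12, 3, 5), 13: (13, 5, 9), 14: (14, 2, 25), 15: (15, 2, 3)}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease), or None if unparseable."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        return None
    numbers = tuple(int(part) for part in match.group(1, 2, 3))
    return numbers, match.group(4) is not None


def is_affected(text):
    """True or False for a resolved version, None when it cannot be judged."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    version, prerelease = parsed
    if version < FIRST_AFFECTED:
        return False
    if version[0] == 11:
        return True  # the advisory lists no fixed 11.x release; move to 12.3.5+
    fixed = FIRST_FIXED.get(version[0])
    if fixed is None:
        return False  # major lines after 15 were released with the fix
    # Conservative choice: a pre-release of the fixed version counts as affected.
    return version < fixed or (version == fixed and prerelease)


def hosts_needing_update(inventory):
    """Map of host -> version in; sorted hosts that are affected or unknown out."""
    return sorted(h for h, v in inventory.items() if is_affected(v) is not False)


# Constructed inventory of resolved versions (e.g. read from lockfiles).
SAMPLE_INVENTORY = {
    "shop.example.com": "13.5.6",
    "docs.example.com": "14.2.25",
    "app.example.com": "15.2.3-canary.4",
    "legacy.example.com": "not-recorded",
}
```

Hosts whose version cannot be parsed are reported alongside affected ones so they get a manual check instead of being silently skipped.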

Contribution
------------
Contributions are welcome