!Next.js Middleware Bypass (CVE-2025-29927)
by Rat1337 - Sunday March 30, 2025 at 06:53 PM
Breached
Member
Posts: 6
Threads: 2
Joined: Mar 2025
Reputation: 0
#1
03-30-2025, 06:53 PM
CVE-2025-29927 is a critical vulnerability in Next.js that allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest
header. This affects versions prior to 14.2.25, 15.2.3, 13.5.9, and 12.3.5. Exploiting this flaw could grant unauthorized access to protected routes. To fix this, update Next.js to the latest patched versions. Additionally, implement secondary validation by adding authentication checks in your API routes, ensuring security isn't reliant solely on middleware.


Hidden Content
You must register or login to view this content.

Reply
Breached
Member
Posts: 6
Threads: 0
Joined: Oct 2023
Reputation: 0
#2
03-31-2025, 10:59 AM
thank you for sharing this, cant wait to have a look
Reply
Breached
Member
Posts: 18
Threads: 0
Joined: Dec 2024
Reputation: 0
#3
03-31-2025, 04:46 PM
yeahhhh very nice maboyyy
Reply
Banned

Posts: 41
Threads: 0
Joined: Jan 2024
Reputation: 0
#4
04-01-2025, 07:41 AM
thank you for sharing this, cant wait to have a look
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching.
Reply
Breached
Member
Posts: 2
Threads: 0
Joined: Apr 2025
Reputation: 0
#5
04-01-2025, 09:26 PM
thank you for sharing this, cant wait to have a look
Reply
Breached
Member
Posts: 11
Threads: 0
Joined: Aug 2023
Reputation: 0
#6
04-02-2025, 11:27 AM
thanks for the bypass
Reply
Breached
Member
Posts: 36
Threads: 1
Joined: Mar 2025
Reputation: 0
#7
04-05-2025, 02:30 PM
thank you for sharing this dude
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Apr 2025
Reputation: 0
#8
04-05-2025, 02:31 PM
thanks sir for sharing this dude
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Mar 2025
Reputation: 0
#9
04-05-2025, 07:33 PM (This post was last modified: 04-05-2025, 07:33 PM by gg_tt.)
(03-30-2025, 06:53 PM)Rat1337 Wrote: CVE-2025-29927 is a critical vulnerability in Next.js that allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest
header. This affects versions prior to 14.2.25, 15.2.3, 13.5.9, and 12.3.5. Exploiting this flaw could grant unauthorized access to protected routes. To fix this, update Next.js to the latest patched versions. Additionally, implement secondary validation by adding authentication checks in your API routes, ensuring security isn't reliant solely on middleware.

nice bro
[/url]
(03-30-2025, 06:53 PM)Rat1337 Wrote: CVE-2025-29927 is a critical vulnerability in Next.js that allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest
header. This affects versions prior to 14.2.25, 15.2.3, 13.5.9, and 12.3.5. Exploiting this flaw could grant unauthorized access to protected routes. To fix this, update Next.js to the latest patched versions. Additionally, implement secondary validation by adding authentication checks in your API routes, ensuring security isn't reliant solely on middleware.

nice bro
[url=https://breachforums.hn/search.php?action=finduser&uid=47627]
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Jul 2024
Reputation: 0
#10
04-05-2025, 08:56 PM
lets see what we got here
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  CVE-2025-29927 - POC loganpaul09 26 1,175 08-06-2025, 01:12 PM
Last Post: Fuc0
  Nginx RCE - 2025 - March loganpaul09 5 441 08-04-2025, 01:58 AM
Last Post: CLOBELSECTEAM
  CVE-2025-47812 - Wing FTP Server Remote Code Execution (RCE) thermos 7 365 08-03-2025, 08:21 PM
Last Post: handsomexxxxxy
  Apache Superset Authentication Bypass metadata 0 96 08-02-2025, 12:50 AM
Last Post: metadata
  CVE-2025-53770 - Microsoft Sharepoint Unauthenticated RCE antisocial 1 178 07-28-2025, 10:50 AM
Last Post: Krypt3d4ng3l

Forum Jump:


 Users browsing this thread: