一、 漏洞 CVE-2025-29927 基础信息
漏洞标题
Next.js 中间件中的授权绕过漏洞
来源:AIGC 神龙大模型
漏洞描述信息
N/A
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
来源:AIGC 神龙大模型
漏洞类别
授权机制不正确
来源:AIGC 神龙大模型
漏洞标题
Authorization Bypass in Next.js Middleware
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
来源:美国国家漏洞数据库 NVD
漏洞类别
授权机制不恰当
来源:美国国家漏洞数据库 NVD
漏洞标题
Next.js 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Next.js是Vercel开源的一个 React 框架。 Next.js 14.2.25之前版本和15.2.3之前版本存在安全漏洞,该漏洞源于如果授权检查发生在中间件中,可能绕过授权检查。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-29927 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Verify Next.js CVE-2025-29927 on Netlify not vulnerable | https://github.com/serhalp/test-cve-2025-29927 | POC详情 |
| 2 | Next.js Middleware Authorization Bypass | https://github.com/Ademking/CVE-2025-29927 | POC详情 |
| 3 | A Nuclei template to detect CVE-2025-29927 the Next.js authentication bypass vulnerability | https://github.com/6mile/nextjs-CVE-2025-29927 | POC详情 |
| 4 | undefined | https://github.com/azu/nextjs-cve-2025-29927-poc | POC详情 |
| 5 | None | https://github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927 | POC详情 |
| 6 | CVE-2025-29927 Proof of Concept | https://github.com/aydinnyunus/CVE-2025-29927 | POC详情 |
| 7 | None | https://github.com/ticofookfook/poc-nextjs-CVE-2025-29927 | POC详情 |
| 8 | Next.js における認可バイパスの脆弱性を再現するデモです。 | https://github.com/t3tra-dev/cve-2025-29927-demo | POC详情 |
| 9 | Proof-of-Concept for Authorization Bypass in Next.js Middleware | https://github.com/websecnl/CVE-2025-29927-PoC-Exploit | POC详情 |
| 10 | Authorization Bypass in Next.js Middleware | https://github.com/MuhammadWaseem29/CVE-2025-29927-POC | POC详情 |
| 11 | CVE-2025-29927 lab | https://github.com/strobes-security/nextjs-vulnerable-app | POC详情 |
| 12 | CVE-2025-29927 Exploit Checker | https://github.com/RoyCampos/CVE-2025-29927 | POC详情 |
| 13 | Demo for Next.js middleware bypass - CVE-2025-29927 | https://github.com/fourcube/nextjs-middleware-bypass-demo | POC详情 |
| 14 | Next.Js 权限绕过漏洞(CVE-2025-29927) | https://github.com/iSee857/CVE-2025-29927 | POC详情 |
| 15 | CVE-2025-29927 Proof of Concept | https://github.com/Eve-SatOrU/POC-CVE-2025-29927 | POC详情 |
| 16 | CVE-2025-29927 Authorization Bypass in Next.js Middleware | https://github.com/arvion-agent/next-CVE-2025-29927 | POC详情 |
| 17 | Next.js Middleware Auth Bypass | https://github.com/Oyst3r1ng/CVE-2025-29927 | POC详情 |
| 18 | New nuclei CVE | https://github.com/lediusa/CVE-2025-29927 | POC详情 |
| 19 | None | https://github.com/lem0n817/CVE-2025-29927 | POC详情 |
| 20 | CVE-2025-29927の検証 | https://github.com/kuzushiki/CVE-2025-29927-test | POC详情 |
| 21 | A deliberately Next.js app, vulnerable to CVE-2025-29927, Authorization Bypass | https://github.com/ricsirigu/CVE-2025-29927 | POC详情 |
| 22 | Async Python scanner for Next.js CVE-2025-29927. Uses aiohttp & aiofiles to efficiently process large URL lists, detect vulnerabilities, and save results. Features connection pooling, caching, and chunked processing for fast performance | https://github.com/0xWhoknows/CVE-2025-29927 | POC详情 |
| 23 | Nuclei Template: CVE-2025-29927 - Next.js Middleware Authentication Bypass | https://github.com/tobiasGuta/CVE-2025-29927-POC | POC详情 |
| 24 | Sigma Rule for CVE-2025–29927 Detection | https://github.com/elshaheedy/CVE-2025-29927-Sigma-Rule | POC详情 |
| 25 | Critical vulnerability in next.js : Bypass middleware authentication | https://github.com/furmak331/CVE-2025-29927 | POC详情 |
| 26 | Ghost Route detects if a Next JS site is vulnerable to the corrupt middleware bypass bug (CVE-2025-29927) | https://github.com/takumade/ghost-route | POC详情 |
| 27 | None | https://github.com/memmedrehimzade/CVE-2025-29927-vuln-app | POC详情 |
| 28 | None | https://github.com/0xPb1/Next.js-CVE-2025-29927 | POC详情 |
| 29 | None | https://github.com/jeymo092/cve-2025-29927 | POC详情 |
| 30 | PoC for CVE-2025-29927: Next.js Middleware Bypass Vulnerability. Demonstrates how x-middleware-subrequest can bypass authentication checks. Includes Docker setup for testing. | https://github.com/alihussainzada/CVE-2025-29927-PoC | POC详情 |
| 31 | PowerShell script to test if a web app is vulnerable to CVE-2025-29927 | https://github.com/TheresAFewConors/CVE-2025-29927-Testing | POC详情 |
| 32 | None | https://github.com/0xPThree/next.js_cve-2025-29927 | POC详情 |
| 33 | None | https://github.com/0xcucumbersalad/cve-2025-29927 | POC详情 |
| 34 | script to check cve "CVE-2025-29927" while waiting to add it to HExHTTP | https://github.com/c0dejump/CVE-2025-29927-check | POC详情 |
| 35 | None | https://github.com/maronnjapan/claude-create-CVE-2025-29927 | POC详情 |
| 36 | This repository contains a proof of concept (POC) and an exploit script for CVE-2025-29927, a critical vulnerability in Next.js that allows attackers to bypass authorization checks implemented in middleware. | https://github.com/kOaDT/poc-cve-2025-29927 | POC详情 |
| 37 | None | https://github.com/yugo-eliatrope/test-cve-2025-29927 | POC详情 |
| 38 | A touch of security | https://github.com/Slvignesh05/CVE-2025-29927 | POC详情 |
| 39 | Next.js Acceso no autorizado CVE-2025-29927 | https://github.com/aleongx/CVE-2025-29927 | POC详情 |
| 40 | A demo of the CVE-2025-29927 vulnerability for a NebraskaJS lightning talk | https://github.com/nicknisi/next-attack | POC详情 |
| 41 | Next.js CVE-2025-29927 Vulnerability Scanner | https://github.com/jmbowes/NextSecureScan | POC详情 |
| 42 | Este script verifica la vulnerabilidad CVE-2025-29927 en servidores Next.js, probando múltiples cargas en la cabecera x-middleware-subrequest para detectar accesos no autorizados. | https://github.com/aleongx/CVE-2025-29927_Scanner | POC详情 |
| 43 | how to hack 90% of next.js created websites with CVE-2025-29927 vulnerability exploit | https://github.com/Nekicj/CVE-2025-29927-exploit | POC详情 |
| 44 | None | https://github.com/Heimd411/CVE-2025-29927-PoC | POC详情 |
| 45 | None | https://github.com/m2hcz/m2hcz-Next.js-security-flaw-CVE-2025-29927---PoC-exploit | POC详情 |
| 46 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/KaztoRay/CVE-2025-29927-Research | POC详情 |
| 47 | python script for evaluate if you are vulnerable or not to next.js CVE-2025-29927 | https://github.com/nocomp/CVE-2025-29927-scanner | POC详情 |
| 48 | This repository is for educational and research purposes. | https://github.com/yuzu-juice/CVE-2025-29927_demo | POC详情 |
| 49 | CVE-2025-29927: Next.js Middleware Exploit | https://github.com/0x0Luk/0xMiddleware | POC详情 |
| 50 | NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js | https://github.com/AnonKryptiQuz/NextSploit | POC详情 |
| 51 | Here is a simple but effective exploit for CVE-2025-29927. | https://github.com/w2hcorp/CVE-2025-29927-PoC | POC详情 |
| 52 | This script scans a list of URLs to detect if they are using **Next.js** and determines whether they are vulnerable to **CVE-2025-29927**. It optionally attempts exploitation using a wordlist. | https://github.com/ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927 | POC详情 |
| 53 | Next.js CVE-2025-29927 demonstration | https://github.com/dante01yoon/CVE-2025-29927 | POC详情 |
| 54 | Next.js Auth Bypass Lab ‐ CVE-2025-29927 | https://github.com/ayato-shitomi/WebLab_CVE-2025-29927 | POC详情 |
| 55 | None | https://github.com/Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927 | POC详情 |
| 56 | Next.js Middleware Bypass Vulnerability | https://github.com/alastair66/CVE-2025-29927 | POC详情 |
| 57 | Next.js CVE-2025-29927 güvenlik açığı hakkında | https://github.com/BilalGns/CVE-2025-29927 | POC详情 |
| 58 | None | https://github.com/nyctophile0969/CVE-2025-29927 | POC详情 |
| 59 | A basic proof of concept of the CVE-2025-29927 vulnerability that allows to bypass the middleware scripts. | https://github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927 | POC详情 |
| 60 | Next.js and the corrupt middleware...TRY TO HACK IT..! | https://github.com/Gokul-Krishnan-V-R/cve-2025-29927 | POC详情 |
| 61 | Next.js Middleware Authorization Bypass Tool (CVE-2025-29927) | https://github.com/fahimalshihab/NextBypass | POC详情 |
| 62 | None | https://github.com/sn1p3rt3s7/NextJS_CVE-2025-29927 | POC详情 |
| 63 | CVE-2025-29927 is a critical vulnerability in Next.js, a popular React-based web framework. The flaw exists in how the middleware feature handles certain internal headers — specifically, the x-middleware-subrequest header | https://github.com/Balajih4kr/cve-2025-29927 | POC详情 |
| 64 | vulnerable-nextjs-14-CVE-2025-29927 | https://github.com/YEONDG/nextjs-cve-2025-29927 | POC详情 |
| 65 | Next.js Middleware Bypass Scanne | https://github.com/gotr00t0day/CVE-2025-29927 | POC详情 |
| 66 | CVE-2025-29927 | https://github.com/pixilated730/NextJS-Exploit- | POC详情 |
| 67 | CVE-2025-29927 ~ a poc of the next.js middleware authentication bypass | https://github.com/ValGrace/middleware-auth-bypass | POC详情 |
| 68 | None | https://github.com/goncalocsousa1/CVE-2025-29927 | POC详情 |
| 69 | None | https://github.com/pickovven/vulnerable-nextjs-14-CVE-2025-29927 | POC详情 |
| 70 | Research on Next.js middleware vulnerability (CVE-2025-29927) allowing authorization bypass and potential exploits. | https://github.com/l1uk/nextjs-middleware-exploit | POC详情 |
| 71 | Next.js CVE-2025-29927 Hunter | https://github.com/darklotuskdb/nextjs-CVE-2025-29927-hunter | POC详情 |
| 72 | Next.js contains a critical middleware bypass vulnerability affecting versions 11.1.4 through 15.2.2. The vulnerability allows attackers to bypass middleware security controls by sending a specially crafted 'x-middleware-subrequest' header, which can lead to authorization bypass and other security control circumvention. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-29927.yaml | POC详情 |
| 73 | A critical vulnerability in Next.js middleware allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest header. This flaw affects Next.js versions prior to 14.2.25 and 15.2.3, potentially granting unauthorized access to sensitive resources. | https://github.com/projectdiscovery/nuclei-templates/blob/main/headless/cves/2025/CVE-2025-29927-HEADLESS.yaml | POC详情 |
| 74 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Next.js%20%E4%B8%AD%E9%97%B4%E4%BB%B6%E9%89%B4%E6%9D%83%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2025-29927.md | POC详情 |
| 75 | https://github.com/vulhub/vulhub/blob/master/next.js/CVE-2025-29927/README.md | POC详情 | |
| 76 | POC CVE-2025-29927 | https://github.com/ethanol1310/POC-CVE-2025-29927- | POC详情 |
| 77 | Exploit for CVE-2025-29927 (Next.js) - Authorization Bypass | https://github.com/UNICORDev/exploit-CVE-2025-29927 | POC详情 |
| 78 | Simulates CVE-2025-29927, a critical Next.js vulnerability allowing attackers to bypass middleware authorization by exploiting the internal x-middleware-subrequest HTTP header. Demonstrates unauthorized access to protected routes and provides mitigation strategies. | https://github.com/Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation | POC详情 |
| 79 | None | https://github.com/mhamzakhattak/CVE-2025-29927 | POC详情 |
三、漏洞 CVE-2025-29927 的情报信息
-
-
-
标题: Authorization Bypass in Next.js Middleware · Advisory · vercel/next.js · GitHub -- 🔗来源链接
标签: x_refsource_CONFIRM
-
标题: Update middleware request header (#77201) · vercel/next.js@52a078d · GitHub -- 🔗来源链接
标签: x_refsource_MISC
神龙速读
-
标题: [backport] Update middleware request header (#77202) · vercel/next.js@5fd3ae8 · GitHub -- 🔗来源链接
标签: x_refsource_MISC
神龙速读![[backport] Update middleware request header (#77202) · vercel/next.js@5fd3ae8 · GitHub](https://cvepdf.imfht.com:2443/2025-04-08/screenshot-full-2025-04-08T19-48-19.829Z-166c232856ce978baf33.webp)
- https://nvd.nist.gov/vuln/detail/CVE-2025-29927