一、 漏洞 CVE-2025-29927 基础信息
漏洞信息
# Next.js 中间件中的授权绕过漏洞
## 漏洞概述
Next.js 是一个用于构建全栈 Web 应用的 React 框架。在某些版本中,如果授权检查发生在中间件中,则可能发生绕过授权检查的问题。
## 影响版本
- 1.11.4 到 12.3.5(不包括 12.3.5)
- 1.11.4 到 13.5.9(不包括 13.5.9)
- 1.11.4 到 14.2.25(不包括 14.2.25)
- 1.11.4 到 15.2.3(不包括 15.2.3)
## 细节
授权检查如果在中间件中进行,攻击者可以通过特定方法绕过这些授权检查。这一漏洞允许未经授权的用户访问受保护的内容或执行敏感操作。
## 影响
此漏洞可能导致未经授权的访问和潜在的安全风险。建议更新到以下修复版本:12.3.5, 13.5.9, 14.2.25 和 15.2.3,或者在无法立即修补的情况下,阻止带有 `x-middleware-subrequest` 请求头的外部用户请求到达 Next.js 应用程序。
神龙判断
是否为 Web 类漏洞: 是
判断理由:
是。这个漏洞允许攻击者通过特定的请求头(如 x-middleware-subrequest)绕过Next.js应用中的授权检查,主要影响服务端的中间件处理逻辑。这个问题在Next.js的14.2.25和15.2.3版本中得到了修复。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Authorization Bypass in Next.js Middleware
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
来源:美国国家漏洞数据库 NVD
漏洞类别
授权机制不恰当
来源:美国国家漏洞数据库 NVD
漏洞标题
Next.js 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Next.js是Vercel开源的一个 React 框架。 Next.js 14.2.25之前版本和15.2.3之前版本存在安全漏洞,该漏洞源于如果授权检查发生在中间件中,可能绕过授权检查。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-29927 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Verify Next.js CVE-2025-29927 on Netlify not vulnerable | https://github.com/serhalp/test-cve-2025-29927 | POC详情 |
| 2 | Next.js Middleware Authorization Bypass | https://github.com/Ademking/CVE-2025-29927 | POC详情 |
| 3 | A Nuclei template to detect CVE-2025-29927 the Next.js authentication bypass vulnerability | https://github.com/6mile/nextjs-CVE-2025-29927 | POC详情 |
| 4 | undefined | https://github.com/azu/nextjs-cve-2025-29927-poc | POC详情 |
| 5 | None | https://github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927 | POC详情 |
| 6 | CVE-2025-29927 Proof of Concept | https://github.com/aydinnyunus/CVE-2025-29927 | POC详情 |
| 7 | None | https://github.com/ticofookfook/poc-nextjs-CVE-2025-29927 | POC详情 |
| 8 | Next.js における認可バイパスの脆弱性を再現するデモです。 | https://github.com/t3tra-dev/cve-2025-29927-demo | POC详情 |
| 9 | Proof-of-Concept for Authorization Bypass in Next.js Middleware | https://github.com/websecnl/CVE-2025-29927-PoC-Exploit | POC详情 |
| 10 | Authorization Bypass in Next.js Middleware | https://github.com/MuhammadWaseem29/CVE-2025-29927-POC | POC详情 |
| 11 | CVE-2025-29927 lab | https://github.com/strobes-security/nextjs-vulnerable-app | POC详情 |
| 12 | CVE-2025-29927 Exploit Checker | https://github.com/RoyCampos/CVE-2025-29927 | POC详情 |
| 13 | Demo for Next.js middleware bypass - CVE-2025-29927 | https://github.com/fourcube/nextjs-middleware-bypass-demo | POC详情 |
| 14 | Next.Js 权限绕过漏洞(CVE-2025-29927) | https://github.com/iSee857/CVE-2025-29927 | POC详情 |
| 15 | CVE-2025-29927 Proof of Concept | https://github.com/Eve-SatOrU/POC-CVE-2025-29927 | POC详情 |
| 16 | CVE-2025-29927 Authorization Bypass in Next.js Middleware | https://github.com/arvion-agent/next-CVE-2025-29927 | POC详情 |
| 17 | Next.js Middleware Auth Bypass | https://github.com/Oyst3r1ng/CVE-2025-29927 | POC详情 |
| 18 | New nuclei CVE | https://github.com/lediusa/CVE-2025-29927 | POC详情 |
| 19 | None | https://github.com/lem0n817/CVE-2025-29927 | POC详情 |
| 20 | CVE-2025-29927の検証 | https://github.com/kuzushiki/CVE-2025-29927-test | POC详情 |
| 21 | A deliberately Next.js app, vulnerable to CVE-2025-29927, Authorization Bypass | https://github.com/ricsirigu/CVE-2025-29927 | POC详情 |
| 22 | Async Python scanner for Next.js CVE-2025-29927. Uses aiohttp & aiofiles to efficiently process large URL lists, detect vulnerabilities, and save results. Features connection pooling, caching, and chunked processing for fast performance | https://github.com/0xWhoknows/CVE-2025-29927 | POC详情 |
| 23 | Nuclei Template: CVE-2025-29927 - Next.js Middleware Authentication Bypass | https://github.com/tobiasGuta/CVE-2025-29927-POC | POC详情 |
| 24 | Sigma Rule for CVE-2025–29927 Detection | https://github.com/elshaheedy/CVE-2025-29927-Sigma-Rule | POC详情 |
| 25 | Critical vulnerability in next.js : Bypass middleware authentication | https://github.com/furmak331/CVE-2025-29927 | POC详情 |
| 26 | Ghost Route detects if a Next JS site is vulnerable to the corrupt middleware bypass bug (CVE-2025-29927) | https://github.com/takumade/ghost-route | POC详情 |
| 27 | None | https://github.com/memmedrehimzade/CVE-2025-29927-vuln-app | POC详情 |
| 28 | None | https://github.com/0xPb1/Next.js-CVE-2025-29927 | POC详情 |
| 29 | None | https://github.com/jeymo092/cve-2025-29927 | POC详情 |
| 30 | PoC for CVE-2025-29927: Next.js Middleware Bypass Vulnerability. Demonstrates how x-middleware-subrequest can bypass authentication checks. Includes Docker setup for testing. | https://github.com/alihussainzada/CVE-2025-29927-PoC | POC详情 |
| 31 | PowerShell script to test if a web app is vulnerable to CVE-2025-29927 | https://github.com/TheresAFewConors/CVE-2025-29927-Testing | POC详情 |
| 32 | None | https://github.com/0xPThree/next.js_cve-2025-29927 | POC详情 |
| 33 | None | https://github.com/0xcucumbersalad/cve-2025-29927 | POC详情 |
| 34 | script to check cve "CVE-2025-29927" while waiting to add it to HExHTTP | https://github.com/c0dejump/CVE-2025-29927-check | POC详情 |
| 35 | None | https://github.com/maronnjapan/claude-create-CVE-2025-29927 | POC详情 |
| 36 | This repository contains a proof of concept (POC) and an exploit script for CVE-2025-29927, a critical vulnerability in Next.js that allows attackers to bypass authorization checks implemented in middleware. | https://github.com/kOaDT/poc-cve-2025-29927 | POC详情 |
| 37 | None | https://github.com/yugo-eliatrope/test-cve-2025-29927 | POC详情 |
| 38 | A touch of security | https://github.com/Slvignesh05/CVE-2025-29927 | POC详情 |
| 39 | Next.js Acceso no autorizado CVE-2025-29927 | https://github.com/aleongx/CVE-2025-29927 | POC详情 |
| 40 | A demo of the CVE-2025-29927 vulnerability for a NebraskaJS lightning talk | https://github.com/nicknisi/next-attack | POC详情 |
| 41 | Next.js CVE-2025-29927 Vulnerability Scanner | https://github.com/jmbowes/NextSecureScan | POC详情 |
| 42 | Este script verifica la vulnerabilidad CVE-2025-29927 en servidores Next.js, probando múltiples cargas en la cabecera x-middleware-subrequest para detectar accesos no autorizados. | https://github.com/aleongx/CVE-2025-29927_Scanner | POC详情 |
| 43 | how to hack 90% of next.js created websites with CVE-2025-29927 vulnerability exploit | https://github.com/Nekicj/CVE-2025-29927-exploit | POC详情 |
| 44 | None | https://github.com/Heimd411/CVE-2025-29927-PoC | POC详情 |
| 45 | None | https://github.com/m2hcz/m2hcz-Next.js-security-flaw-CVE-2025-29927---PoC-exploit | POC详情 |
| 46 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/KaztoRay/CVE-2025-29927-Research | POC详情 |
| 47 | python script for evaluate if you are vulnerable or not to next.js CVE-2025-29927 | https://github.com/nocomp/CVE-2025-29927-scanner | POC详情 |
| 48 | This repository is for educational and research purposes. | https://github.com/yuzu-juice/CVE-2025-29927_demo | POC详情 |
| 49 | CVE-2025-29927: Next.js Middleware Exploit | https://github.com/0x0Luk/0xMiddleware | POC详情 |
| 50 | NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js | https://github.com/AnonKryptiQuz/NextSploit | POC详情 |
| 51 | Here is a simple but effective exploit for CVE-2025-29927. | https://github.com/w2hcorp/CVE-2025-29927-PoC | POC详情 |
| 52 | This script scans a list of URLs to detect if they are using **Next.js** and determines whether they are vulnerable to **CVE-2025-29927**. It optionally attempts exploitation using a wordlist. | https://github.com/ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927 | POC详情 |
| 53 | Next.js CVE-2025-29927 demonstration | https://github.com/dante01yoon/CVE-2025-29927 | POC详情 |
| 54 | Next.js Auth Bypass Lab ‐ CVE-2025-29927 | https://github.com/ayato-shitomi/WebLab_CVE-2025-29927 | POC详情 |
| 55 | None | https://github.com/Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927 | POC详情 |
| 56 | Next.js Middleware Bypass Vulnerability | https://github.com/alastair66/CVE-2025-29927 | POC详情 |
| 57 | Next.js CVE-2025-29927 güvenlik açığı hakkında | https://github.com/BilalGns/CVE-2025-29927 | POC详情 |
| 58 | None | https://github.com/nyctophile0969/CVE-2025-29927 | POC详情 |
| 59 | A basic proof of concept of the CVE-2025-29927 vulnerability that allows to bypass the middleware scripts. | https://github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927 | POC详情 |
| 60 | Next.js and the corrupt middleware...TRY TO HACK IT..! | https://github.com/Gokul-Krishnan-V-R/cve-2025-29927 | POC详情 |
| 61 | Next.js Middleware Authorization Bypass Tool (CVE-2025-29927) | https://github.com/fahimalshihab/NextBypass | POC详情 |
| 62 | None | https://github.com/sn1p3rt3s7/NextJS_CVE-2025-29927 | POC详情 |
| 63 | CVE-2025-29927 is a critical vulnerability in Next.js, a popular React-based web framework. The flaw exists in how the middleware feature handles certain internal headers — specifically, the x-middleware-subrequest header | https://github.com/Balajih4kr/cve-2025-29927 | POC详情 |
| 64 | vulnerable-nextjs-14-CVE-2025-29927 | https://github.com/YEONDG/nextjs-cve-2025-29927 | POC详情 |
| 65 | Next.js Middleware Bypass Scanne | https://github.com/gotr00t0day/CVE-2025-29927 | POC详情 |
| 66 | CVE-2025-29927 | https://github.com/pixilated730/NextJS-Exploit- | POC详情 |
| 67 | CVE-2025-29927 ~ a poc of the next.js middleware authentication bypass | https://github.com/ValGrace/middleware-auth-bypass | POC详情 |
| 68 | None | https://github.com/goncalocsousa1/CVE-2025-29927 | POC详情 |
| 69 | None | https://github.com/pickovven/vulnerable-nextjs-14-CVE-2025-29927 | POC详情 |
| 70 | Research on Next.js middleware vulnerability (CVE-2025-29927) allowing authorization bypass and potential exploits. | https://github.com/l1uk/nextjs-middleware-exploit | POC详情 |
| 71 | Next.js CVE-2025-29927 Hunter | https://github.com/darklotuskdb/nextjs-CVE-2025-29927-hunter | POC详情 |
| 72 | Next.js contains a critical middleware bypass vulnerability affecting versions 11.1.4 through 15.2.2. The vulnerability allows attackers to bypass middleware security controls by sending a specially crafted 'x-middleware-subrequest' header, which can lead to authorization bypass and other security control circumvention. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-29927.yaml | POC详情 |
| 73 | A critical vulnerability in Next.js middleware allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest header. This flaw affects Next.js versions prior to 14.2.25 and 15.2.3, potentially granting unauthorized access to sensitive resources. | https://github.com/projectdiscovery/nuclei-templates/blob/main/headless/cves/2025/CVE-2025-29927-HEADLESS.yaml | POC详情 |
| 74 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Next.js%20%E4%B8%AD%E9%97%B4%E4%BB%B6%E9%89%B4%E6%9D%83%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2025-29927.md | POC详情 |
| 75 | https://github.com/vulhub/vulhub/blob/master/next.js/CVE-2025-29927/README.md | POC详情 | |
| 76 | POC CVE-2025-29927 | https://github.com/ethanol1310/POC-CVE-2025-29927- | POC详情 |
| 77 | Exploit for CVE-2025-29927 (Next.js) - Authorization Bypass | https://github.com/UNICORDev/exploit-CVE-2025-29927 | POC详情 |
| 78 | Simulates CVE-2025-29927, a critical Next.js vulnerability allowing attackers to bypass middleware authorization by exploiting the internal x-middleware-subrequest HTTP header. Demonstrates unauthorized access to protected routes and provides mitigation strategies. | https://github.com/Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation | POC详情 |
| 79 | None | https://github.com/mhamzakhattak/CVE-2025-29927 | POC详情 |
| 80 | New nuclei CVE | https://github.com/emadshanab/CVE-2025-29927 | POC详情 |
| 81 | A touch of security | https://github.com/bitdotioinc/CVE-2025-29927 | POC详情 |
| 82 | > 🔓 Proof-of-Concept for a fictional Next.js middleware bypass (CVE-2025-29927) — craft sub-requests to test protected routes. | https://github.com/m2hcz/PoC-for-Next.js-Middleware | POC详情 |
| 83 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/AventurineJun/CVE-2025-29927-Research | POC详情 |
| 84 | CVE-2025-29927: Next.js Middleware Exploit | https://github.com/luq0x/0xMiddleware | POC详情 |
| 85 | None | https://github.com/0xnxt1me/CVE-2025-29927 | POC详情 |
| 86 | None | https://github.com/enochgitgamefied/NextJS-CVE-2025-29927 | POC详情 |
| 87 | None | https://github.com/Grand-Moomin/Vuln-Next.js-CVE-2025-29927 | POC详情 |
| 88 | None | https://github.com/pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927- | POC详情 |
| 89 | CVE-2025-29927: Next.js Middleware Bypass Vulnerability | https://github.com/kh4sh3i/CVE-2025-29927 | POC详情 |
| 90 | Next.js middleware bypass exploit | https://github.com/EQSTLab/CVE-2025-29927 | POC详情 |
| 91 | Next js middlewareauth Bypass | https://github.com/Hirainsingadia/CVE-2025-29927 | POC详情 |
| 92 | CVE-2025-29927 | https://github.com/hed1ad/CVE-2025-29927 | POC详情 |
| 93 | This is a CVE-2025-29927 Scanner. | https://github.com/HoumanPashaei/CVE-2025-29927 | POC详情 |
| 94 | None | https://github.com/rubbxalc/CVE-2025-29927 | POC详情 |
| 95 | None | https://github.com/olimpiofreitas/CVE-2025-29927_scanner | POC详情 |
| 96 | Next.js Auth Bypass PoC Edge Runtime Env Leak via Middleware Bug | https://github.com/moften/CVE-2025-29927 | POC详情 |
| 97 | x-middleware exploit for next.js CVE-2023–46298 cache poisoning and CVE-2025-29927 bypass | https://github.com/EarthAngel666/x-middleware-exploit | POC详情 |
| 98 | None | https://github.com/enochgitgamefied/NextJS-CVE-2025-29927-Docker-Lab | POC详情 |
| 99 | 🔐 Python-based smart scanner for CVE-2025-29927 — Next.js middleware authentication bypass vulnerability. Detects meta refresh, keyword-based redirects, and more. | https://github.com/sagsooz/CVE-2025-29927 | POC详情 |
| 100 | vulnerable-nextjs-14-CVE-2025-29927 | https://github.com/SugiB3o/vulnerable-nextjs-14-CVE-2025-29927 | POC详情 |
| 101 | CVE-2025-29927 | https://github.com/B1ack4sh/Blackash-CVE-2025-29927 | POC详情 |
| 102 | None | https://github.com/amitlttwo/Next.JS-CVE-2025-29927 | POC详情 |
| 103 | None | https://github.com/KamalideenAK/poc-cve-2025-29927 | POC详情 |
| 104 | CVE-2025-29927 PoC | Auth Bypass Exploit | Python Tool using httpx | Middleware Vulnerability | Ethical Hacking Toolkit | https://github.com/mickhacking/Thank-u-Next | POC详情 |
| 105 | CVE‑2025‑29927 is a critical vulnerability (CVSS 9.1) in Next.js that allows attackers to bypass middleware‑based security checks. | https://github.com/Kamal-Hegazi/CVE-2025-29927-Next.js-Middleware-Authorization-Bypass | POC详情 |
| 106 | Authorization Bypass in Next.js Middleware | https://github.com/dedibagus/cve-2025-29927-poc | POC详情 |
| 107 | None | https://github.com/olimpiofreitas/CVE-2025-29927-scanner | POC详情 |
| 108 | The POC for m6.fr website | https://github.com/sahbaazansari/CVE-2025-29927 | POC详情 |
| 109 | A touch of security | https://github.com/newweshi/CVE-2025-29927 | POC详情 |
| 110 | → poc for CVE-2025-29927 | https://github.com/b4sh0xf/PoC-CVE-2025-29927 | POC详情 |
| 111 | 🔓 Next.js Auth Bypass Demo - Educational application demonstrating CVE-2025-29927 middleware authentication bypass vulnerability . ⚠️ For educational use only. | https://github.com/aayush256-sys/next-js-auth-bypass | POC详情 |
| 112 | None | https://github.com/rgvillanueva28/vulnbox-easy-CVE-2025-29927 | POC详情 |
| 113 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/Haruaventure/CVE-2025-29927-Research | POC详情 |
| 114 | None | https://github.com/R3verseIN/Nextjs-middleware-vulnerable-appdemo-CVE-2025-29927 | POC详情 |
| 115 | PoC | NextJS Middleware 15.2.2 - Authorization Bypass | https://github.com/zs1n/CVE-2025-29927 | POC详情 |
| 116 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/AventurineJ/CVE-2025-29927-Research | POC详情 |
| 117 | This repository contains **research and analysis** related to CVE-2025-29927. It demonstrates safe, controlled testing approaches for a path traversal/middleware misconfiguration vulnerability in web applications. | https://github.com/MKIRAHMET/CVE-2025-29927-PoC | POC详情 |
| 118 | do not use. vulnerable | https://github.com/adjscent/vulnerable-nextjs-14-CVE-2025-29927 | POC详情 |
| 119 | None | https://github.com/sdrtba/CVE-2025-29927 | POC详情 |
| 120 | None | https://github.com/JOOJIII/CVE-2025-29927 | POC详情 |
| 121 | None | https://github.com/iteride/CVE-2025-29927 | POC详情 |
| 122 | CVE-2025-29927 | https://github.com/sermikr0/nextjs-middleware-auth-bypass | POC详情 |
| 123 | Next.js middleware auth-bypass lab (CVE-2025-29927 simulation) | https://github.com/amalpvatayam67/day10-nextjs-middleware-lab | POC详情 |
| 124 | CVE‑2025‑29927 is a critical vulnerability (CVSS 9.1) in Next.js that allows attackers to bypass middleware‑based security checks. | https://github.com/0xh3g4z1/CVE-2025-29927-Next.js-Middleware-Authorization-Bypass | POC详情 |
| 125 | CVE-2025-29927에 대한 설명 및 리서치 | https://github.com/Viperazor/CVE-2025-29927-Research | POC详情 |
| 126 | None | https://github.com/kuyrathdaro/cve-2025-29927 | POC详情 |
| 127 | Simple script to attempt a Bypass on a server possibly vulnerable to CVE-2025-29927 (Next.js Middleware) | https://github.com/diogolourencodev/middleforce | POC详情 |
| 128 | Reproduction and fix of the CVE-2025-29927 vulnerability. | https://github.com/Bongni/CVE-2025-29927 | POC详情 |
| 129 | Next.js Auth Bypass PoC Edge Runtime Env Leak via Middleware Bug | https://github.com/moften/CVE-2025-29927_Next.js_Auth_Bypass | POC详情 |
| 130 | Una CTF, in formato DSP-compliant, basata sulla CVE-2025-29927 di nextjs. | https://github.com/NS-Projects-Unina/CTF_CVE_DSP_1 | POC详情 |
| 131 | None | https://github.com/lucaschanzx/CVE-2025-29927-PoC | POC详情 |
| 132 | None | https://github.com/BugHawak/CVE-2025-29927 | POC详情 |
| 133 | 🔓 Next.js Auth Bypass Demo - Educational application demonstrating CVE-2025-29927 middleware authentication bypass vulnerability . ⚠️ For educational use only.[Made using Ai] | https://github.com/kazuya256/next-js-auth-bypass | POC详情 |
| 134 | Ghost Route detects if a Next JS site is vulnerable to the corrupt middleware bypass bug (CVE-2025-29927) | https://github.com/phoscoder/ghost-route | POC详情 |
| 135 | CVE-2025-29927 | https://github.com/Ashwesker/Blackash-CVE-2025-29927 | POC详情 |
| 136 | PoC for testing CVE-2025-29927 for Next.js versions 11.x, 12.x <= 12.3.5, 13.x <= 13.5.9, 14.x <=14.2.25, 15.x <= 15.2.3 | https://github.com/liamromanis101/CVE-2025-29927-NextJS | POC详情 |
| 137 | None | https://github.com/radzek15/CVE-2025-29927-Next.js-middleware | POC详情 |
| 138 | A touch of security | https://github.com/w3shinew/CVE-2025-29927 | POC详情 |
三、漏洞 CVE-2025-29927 的情报信息
标题: Release v12.3.5 · vercel/next.js · GitHub -- 🔗来源链接
标签:x_refsource_MISC
神龙速读:从这个网页截图中可以获取到以下关于漏洞的关键信息: - **CVE编号**: CVE-2025-29927 - **安全补丁**: v12.3.5 版本包含了一个针对 CVE-2025-29927 的安全补丁。 - **发布说明**: 这个版本是回溯修复错误的版本,不包括所有待定的功能/更改。 ```markdown ### 关键漏洞信息 - **CVE编号**: CVE-2025-29927 - **安全补丁**: v12.3.5 版本包含了一个针对 CVE-2025-29927 的安全补丁。 - **发布说明**: 这个版本是回溯修复错误的版本,不包括所有待定的功能/更改。 ```
标题: Release v13.5.9 · vercel/next.js · GitHub -- 🔗来源链接
标签:x_refsource_MISC
神龙速读:从这个网页截图中可以获取到以下关于漏洞的关键信息: - **CVE编号**: CVE-2025-29927 - **安全补丁**: v13.5.9 版本包含了一个针对 CVE-2025-29927 的安全补丁。 - **发布说明**: 这个版本是回溯修复错误的版本,不包括所有待定的功能/更改。
标题: Authorization Bypass in Next.js Middleware · Advisory · vercel/next.js · GitHub -- 🔗来源链接
标签:x_refsource_CONFIRM
标题: Update middleware request header (#77201) · vercel/next.js@52a078d · GitHub -- 🔗来源链接
标签:x_refsource_MISC
神龙速读:从这个网页截图中,可以获取到以下关于漏洞的关键信息: - **漏洞编号**:#77281 - **描述**:该提交添加了一个额外的请求头到内部过滤列表中,用于中间件。 - **代码更改**: - 在 `packages/next/src/server/lib/router-server.ts` 文件中,添加了对 `x-middleware-subrequest` 头的处理逻辑,以确保在请求未来自当前会话时正确过滤该头。 - 在 `packages/next/src/server/lib/server-ipc/utils.ts` 文件中,添加了对 `x-middleware-subrequest-id` 头的处理逻辑,以确保在请求未来自当前会话时正确过滤该头。 - 在 `packages/next/src/server/web/sandbox/context.ts` 文件中,添加了对 `x-middleware-subrequest-id` 头的设置逻辑。 - 在 `test/e2e/middleware-general/test/index.test.ts` 文件中,添加了测试用例,确保请求头被正确过滤。 这些更改表明,之前可能存在一个漏洞,使得恶意请求可以通过特定的请求头绕过中间件的过滤逻辑。通过这些代码更改,修复了该漏洞,确保了中间件的安全性。
标题: [backport] Update middleware request header (#77202) · vercel/next.js@5fd3ae8 · GitHub -- 🔗来源链接
标签:x_refsource_MISC
神龙速读:从这个网页截图中,可以获取到以下关于漏洞的关键信息: - **漏洞类型**:该提交主要修复了一个与中间件请求头相关的漏洞。 - **修复措施**: - 在 `router-server.ts` 文件中,添加了生成随机的 `middlewareSubrequestId` 并将其存储在全局变量中。 - 在 `utils.ts` 文件中,更新了 `filterInternalHeaders` 函数,以过滤掉内部请求头,特别是 `x-middleware-subrequest` 头,防止其被错误地传递给中间件。 - 在 `context.ts` 文件中,确保在请求上下文中正确设置 `x-middleware-subrequest-id`。 - 在测试文件 `index.test.ts` 中,增加了测试用例以验证中间件运行时是否能正确处理请求头过滤。 这些更改表明存在一个潜在的安全问题,即内部请求头可能被恶意利用,导致中间件行为异常或安全风险。通过这些修复措施,确保了中间件请求头的正确性和安全性。![[backport] Update middleware request header (#77202) · vercel/next.js@5fd3ae8 · GitHub](https://cvepdf.imfht.com:2443//ti_screenshot/2025-04-08/screenshot-full-2025-04-08T19-48-19.829Z-166c232856ce978baf33.webp)
- https://nvd.nist.gov/vuln/detail/CVE-2025-29927
四、漏洞 CVE-2025-29927 的评论
暂无评论