POC详情: 79cf92e5f817762409f3874a6f768d347bc26e73

来源
https://github.com/websecnl/CVE-2025-29927-PoC-Exploit
关联漏洞
标题: Next.js 安全漏洞 (CVE-2025-29927)
描述:Next.js是Vercel开源的一个 React 框架。 Next.js 14.2.25之前版本和15.2.3之前版本存在安全漏洞,该漏洞源于如果授权检查发生在中间件中,可能绕过授权检查。
描述
Proof-of-Concept for Authorization Bypass in Next.js Middleware
介绍
# CVE-2025-29927-PoC-Exploit
Proof-of-Concept for Authorization Bypass in Next.js Middleware

You can run this against a vulnerable version here: https://github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927

# Running

Execution is straightforward.

1. Python3 CVE-2025-29927-PoC-Exploit.py

It will prompt you to type the domain name. (You have two options: First, type only a domain name. Second, domain name with path)

If you type it like this "domain.com" it will try to brute force the authenticated paths and try those once it finds one with status code 200.

Alternatively you can provdie the authenticated page by yourself for example "domain.com/admin/clients"

In this case it will show only the result for this endpoint.

Results are displayed as JSON.


![image](https://github.com/user-attachments/assets/2e55acb4-2732-41fe-8037-63c92ba5a015)
文件快照

 [4.0K]  /data/pocs/79cf92e5f817762409f3874a6f768d347bc26e73
├── [9.4K]  CVE-2025-29927-check.py
└── [ 860]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。