来源

关联漏洞

描述

CVE-2025-29927

介绍

# CVE-2025-29927 - Critical Security Vulnerability in Next.js

# Description

Next.js is a React framework for building full-stack web applications. Starting in version `1.11.4` and prior to versions `12.3.5`, `13.5.9`, `14.2.25`, and `15.2.3`, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in `12.3.5`, `13.5.9`, `14.2.25`, and `15.2.3`.

# Metrics 

CNA:  `GitHub`, Inc. Base Score: 9.1 CRITICAL ⚫
Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

# Vulnerability Details

The vulnerability arises from the improper handling of the internal `x-middleware-subrequest` header. By crafting requests that include this header, an attacker can bypass middleware security checks, effectively skipping authentication and authorization mechanisms.

# Affected Versions

Next.js versions prior to `14.2.25` and `15.2.3` are vulnerable.

# How to use

```
git clone https://github.com/B1ack4sh/Blackash-CVE-2025-29927
cd CVE-2025-29927
python3 -m venv .venv
source .venv/bin/activate
python3 exploit.py -h
```

# Quick to use

```
git clone https://github.com/B1ack4sh/Blackash-CVE-2025-29927
cd CVE-2025-29927
python3 -m venv .venv
source .venv/bin/activate
python3 exploit.py --hostname HOSTNAME
```

# ⚠️ Note: Ensure that your Next.js applications are always updated to the latest stable versions to prevent security risks.

文件快照

 [4.0K]  /data/pocs/83f2ace14a965c51df6d79fe943a4d04c6c7c79f
├── [6.2K]  CVE-2025-29927.py
├── [1.6K]  README.md
└── [   9]  requirements.txt

0 directories, 3 files

备注