关联漏洞
描述
Next.js middleware bypass exploit
介绍
# CVE-2025-29927
★ CVE-2025-29927 Next.js middleware bypass PoC ★
## Description
CVE-2025-29927 : Next.js middleware bypass PoC
description: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
## Lab setup
```
cd next15
docker build --tag nextjs .
docker run -p 3000:3000 -it --rm nextjs
```
## How to use
### Git clone
```
git clone https://github.com/EQSTLab/CVE-2025-29927.git
cd CVE-2025-29927
```
### Command
```sh
chmod +x poc.sh
./poc.sh
```
### Output
文件快照
[4.0K] /data/pocs/af100a2ee9c98a9853b2d856a96b41205b9da62d
├── [4.0K] next15
│ ├── [ 101] Dockerfile
│ ├── [ 508] middleware.ts
│ ├── [ 158] next.config.ts
│ ├── [ 213] next-env.d.ts
│ ├── [ 467] package.json
│ ├── [ 79K] package-lock.json
│ ├── [4.0K] pages
│ │ ├── [3.6K] admin.tsx
│ │ ├── [ 181] _app.tsx
│ │ ├── [ 257] _document.tsx
│ │ └── [1.5K] index.tsx
│ ├── [ 135] postcss.config.mjs
│ ├── [4.0K] public
│ │ ├── [398K] cafebene.png
│ │ ├── [412K] drunkmess.png
│ │ ├── [ 11K] eqst.png
│ │ ├── [ 25K] favicon.ico
│ │ ├── [419K] gigachad.png
│ │ ├── [418K] musac.png
│ │ ├── [1.3K] next.svg
│ │ ├── [406K] sleepy.png
│ │ ├── [266K] sorrow.png
│ │ ├── [ 128] vercel.svg
│ │ └── [318K] WageSlave.png
│ ├── [1.9K] README.md
│ ├── [4.0K] styles
│ │ └── [ 345] globals.css
│ ├── [ 381] tailwind.config.ts
│ └── [ 512] tsconfig.json
├── [ 171] poc.sh
└── [1.2K] README.md
4 directories, 28 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。