关联漏洞
描述
CVE-2025-29927 Proof of Concept
介绍
# CVE-2025-29927 - Critical Security Vulnerability in Next.js
## Overview
CVE-2025-29927 is a critical security vulnerability affecting **Next.js**, a popular React framework for building full-stack web applications. This flaw allows attackers to bypass authorization checks implemented in Next.js middleware, potentially granting unauthorized access to sensitive areas of an application, such as **admin pages** or **user dashboards**.
## Vulnerability Details
The vulnerability arises from the improper handling of the internal `x-middleware-subrequest` header. By crafting requests that include this header, an attacker can **bypass middleware security checks**, effectively skipping authentication and authorization mechanisms.
## Affected Versions
- **Next.js versions prior to 14.2.25 and 15.2.3** are vulnerable.
## How to use
```bash
git clone https://github.com/ThemeHackers/CVE-2025-29972
cd CVE-2025-29972
python3 -m venv .venv
source .venv/bin/activate
python3 exploit.py -h
```
## Quick to use
```bash
git clone https://github.com/ThemeHackers/CVE-2025-29972
cd CVE-2025-29972
python3 -m venv .venv
source .venv/bin/activate
python3 exploit.py --hostname HOSTNAME
```
---
⚠️ **Note:** Ensure that your Next.js applications are always updated to the latest stable versions to prevent security risks.
文件快照
[4.0K] /data/pocs/afa642b372d23e7a1603eb835622382a8e11c6ec
├── [6.2K] exploit.py
├── [1.0K] LICENSE
├── [1.3K] README.md
└── [ 8] requirements.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。