!Next.js Middleware Bypass (CVE-2025-29927)
by Rat1337 - Sunday March 30, 2025 at 06:53 PM
Breached
Member
Posts: 6
Threads: 2
Joined: Mar 2025
Reputation: 0

#1
03-30-2025, 06:53 PM
CVE-2025-29927 is a critical vulnerability in Next.js that allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest
header. This affects versions prior to 14.2.25, 15.2.3, 13.5.9, and 12.3.5. Exploiting this flaw could grant unauthorized access to protected routes. To fix this, update Next.js to the latest patched versions. Additionally, implement secondary validation by adding authentication checks in your API routes, ensuring security isn't reliant solely on middleware.


Hidden Content
You must register or login to view this content.
Reply
Breached
Member
Posts: 6
Threads: 0
Joined: Oct 2023
Reputation: 0

#2
03-31-2025, 10:59 AM
thank you for sharing this, cant wait to have a look
Reply
Breached
Member
Posts: 18
Threads: 0
Joined: Dec 2024
Reputation: 0

#3
03-31-2025, 04:46 PM
yeahhhh very nice maboyyy
Reply
Banned

Posts: 41
Threads: 0
Joined: Jan 2024
Reputation: 0

#4
04-01-2025, 07:41 AM
thank you for sharing this, cant wait to have a look
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching.
Reply
Breached
Member
Posts: 2
Threads: 0
Joined: Apr 2025
Reputation: 0

#5
04-01-2025, 09:26 PM
thank you for sharing this, cant wait to have a look
Reply
Breached
Member
Posts: 11
Threads: 0
Joined: Aug 2023
Reputation: 0

#6
04-02-2025, 11:27 AM
thanks for the bypass
Reply
Breached
Member
Posts: 39
Threads: 1
Joined: Mar 2025
Reputation: 0

#7
04-05-2025, 02:30 PM
thank you for sharing this dude
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Apr 2025
Reputation: 0

#8
04-05-2025, 02:31 PM
thanks sir for sharing this dude
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Mar 2025
Reputation: 0

#9
04-05-2025, 07:33 PM (This post was last modified: 04-05-2025, 07:33 PM by gg_tt.)
(03-30-2025, 06:53 PM)Rat1337 Wrote: CVE-2025-29927 is a critical vulnerability in Next.js that allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest
header. This affects versions prior to 14.2.25, 15.2.3, 13.5.9, and 12.3.5. Exploiting this flaw could grant unauthorized access to protected routes. To fix this, update Next.js to the latest patched versions. Additionally, implement secondary validation by adding authentication checks in your API routes, ensuring security isn't reliant solely on middleware.

nice bro
[/url]
(03-30-2025, 06:53 PM)Rat1337 Wrote: CVE-2025-29927 is a critical vulnerability in Next.js that allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest
header. This affects versions prior to 14.2.25, 15.2.3, 13.5.9, and 12.3.5. Exploiting this flaw could grant unauthorized access to protected routes. To fix this, update Next.js to the latest patched versions. Additionally, implement secondary validation by adding authentication checks in your API routes, ensuring security isn't reliant solely on middleware.

nice bro
[url=https://pwnforums.st/search.php?action=finduser&uid=47627]
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Jul 2024
Reputation: 0

#10
04-05-2025, 08:56 PM
lets see what we got here
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 73 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 805 02-07-2026, 08:53 AM
Last Post: hacker0123
  HPE OneView RCE Exploit [CVE-2025-37164] Hawx01 8 261 02-06-2026, 07:08 PM
Last Post: hacker0123
  CitrixBleed / CVE-2023-4966 cccp 10 6,797 02-06-2026, 01:36 AM
Last Post: temptest
  WordPress LFI to RCE - CVE-2025-0366 Serious 1 457 02-05-2026, 09:53 AM
Last Post: Sammm89



 Users browsing this thread: