Vendor: Next.js
By: kOaDT
CVSS: 6.1 (HIGH)
CWE: 287
Middleware Bypass
Product Name: Next.js
Affected Version From: 13.0.0
Affected Version To: 15.2.2002
Patch Exists: NO
Related CWE: CVE-2025-29927
CPE: a:vercel:next.js:13.0.0
Metasploit:
Other Scripts:
Platforms Tested: Ubuntu 22.04.5 LTS
2025

Next.js Middleware Bypass Vulnerability (CVE-2025-29927)

The vulnerability affects Next.js versions 11.1.4 to 12.3.4, 13.0.0 to 13.5.8, 14.0.0 to 14.2.24, and 15.0.0 to 15.2.2. It allows an attacker to bypass restrictions enforced in Next.js middleware, such as authentication and authorization checks placed in front of protected routes. Exploiting this vulnerability can lead to unauthorized access to those routes or to actions that the middleware was meant to block.

Mitigation:

To mitigate this vulnerability, update Next.js to the latest patched version. Additionally, review and secure the middleware configuration to prevent bypasses, and do not rely on middleware as the only authorization check: enforce authorization again in the route handlers and server components it protects, so that a request which skips the middleware is still rejected.

Exploit-DB raw data:

# Exploit Title: Next.js Middleware Bypass Vulnerability (CVE-2025-29927)
# Date: 2025-03-26
# Exploit Author: kOaDT
# Vendor Homepage: https://nextjs.org/
# Software Link: https://github.com/vercel/next.js
# Version: 13.0.0 - 13.5.8 / 14.0.0 - 14.2.24 / 15.0.0 - 15.2.2 / 11.1.4 - 12.3.4
# Tested on: Ubuntu 22.04.5 LTS
# CVE: CVE-2025-29927
# PoC: https://raw.githubusercontent.com/kOaDT/poc-cve-2025-29927/refs/heads/main/exploit.js
# POC GitHub Repository: https://github.com/kOaDT/poc-cve-2025-29927/tree/main