9 matches found
Next.js Middleware Authorization Bypass Scanner
This module detects self-hosted Next.js applications affected by CVE-2025-29927, an authorization bypass in the middleware layer. Next.js tags its own internal subrequests with the x-middleware-subrequest header and skips middleware when it sees it. The header is trusted without verifying it...
Exploit for Incorrect Authorization in Vercel Next.Js
CVE-2025-29927 — Next.js Middleware Authentication Bypass...
Next.js 15.2.3 Middleware Bypass Scanner
A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests, potentially allowing attackers to bypass authentication. This is a scanner to test version 15.2.3...
📄 Next.js 13.5.9 Middleware Bypass Scanner
This is an authorization bypass scanner for Next.js versions 13.5.9 and below. A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests...
Exploit for Improper Authorization in Vercel Next.Js
CVE-2025-29927 — Next.js middleware authorization bypass...
Exploit for CVE-2025-29927
CVE‑2025‑29927 – Next.js Middleware Authorization Bypass O...
Exploit for CVE-2025-29927
CVE-2025-29927 CVE-2025-29927: Next.js Middleware Bypass Vulne...
Exploit for CVE-2025-29927
CVE-2025-29927: Next.js Middleware Bypass PoC Overview This...
CVE-2025-29927
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to ...