{"id":27442937,"url":"https://github.com/unicordev/exploit-cve-2025-29927","last_synced_at":"2026-04-29T17:03:09.833Z","repository":{"id":287960477,"uuid":"966209797","full_name":"UNICORDev/exploit-CVE-2025-29927","owner":"UNICORDev","description":"Exploit for CVE-2025-29927 (Next.js) - Authorization Bypass","archived":false,"fork":false,"pushed_at":"2025-04-15T00:35:29.000Z","size":14,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-15T01:17:46.491Z","etag":null,"topics":["authorization","bypass","exploit","middleware","nextjs","python","python3"],"latest_commit_sha":null,"homepage":"https://unicord.dev/exploit-CVE-2025-29927","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/UNICORDev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-14T15:12:13.000Z","updated_at":"2025-04-15T01:07:08.000Z","dependencies_parsed_at":"2025-04-15T01:17:48.190Z","dependency_job_id":"316b2382-092a-4d37-b8f0-9a1ff6d400c4","html_url":"https://github.com/UNICORDev/exploit-CVE-2025-29927","commit_stats":null,"previous_names":["unicordev/exploit-cve-2025-29927"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/UNICORDev/exploit-CVE-2025-29927","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UNICORDev%2Fexploit-CVE-2025-29927","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UNICORDev%2Fexploit-CVE-2025-29927/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UNICORDev%2Fexploit-CVE-2025-29927/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UNICORDev%2Fexploit-CVE-2025-29927/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/UNICORDev","download_url":"https://codeload.github.com/UNICORDev/exploit-CVE-2025-29927/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UNICORDev%2Fexploit-CVE-2025-29927/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32435122,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T13:34:34.882Z","status":"ssl_error","status_checked_at":"2026-04-29T13:34:29.830Z","response_time":110,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","bypass","exploit","middleware","nextjs","python","python3"],"created_at":"2025-04-15T01:17:44.969Z","updated_at":"2026-04-29T17:03:09.828Z","avatar_url":"https://github.com/UNICORDev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Exploit for CVE-2025-29927 (Next.js) - Authorization Bypass\n\n![GitHub Cover](https://github.com/user-attachments/assets/c6e1e617-7da8-4be1-a74e-8a1f0b5321a0)\n\n**Like this repo? Give us a ⭐!**\n\n_For educational and authorized security research purposes only._\n\n## Exploit Author\n\n[@UNICORDev](https://unicord.dev) by ([@NicPWNs](https://github.com/NicPWNs) and [@Dev-Yeoj](https://github.com/Dev-Yeoj))\n\n## Vulnerability Description\n\nNext.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.\n\n## Exploit Description\n\nIn vulnerable Next.js versions, it is possible to bypass authorization checks within an application, if the authorization check occurs in middleware, by sending requests which contain the `x-middleware-subrequest` header. This exploit assesses a target's Next.js version and sends various specially crafted headers to achieve middleware bypass.\n\n## Usage\n\n```bash\n  python3 exploit-CVE-2025-29927.py -u \u003ctarget-url\u003e\n  python3 exploit-CVE-2025-29927.py -u \u003ctarget-url\u003e [-v \u003cversion\u003e] [-m \u003cmiddleware\u003e]\n  python3 exploit-CVE-2025-29927.py -h\n```\n\n## Options\n\n```\n  -u    Target URL to check and exploit\n  -v    Specify Next.js version if known (e.g., 15.2.0) [Optional]\n  -m    Specify middleware file name/location if known (e.g. src/middleware) [Optional]\n  -h    Show this help menu.\n```\n\n## Download\n\n[Download exploit-CVE-2025-29927.py Here](https://raw.githubusercontent.com/UNICORDev/exploit-CVE-2025-29927/refs/heads/main/exploit-CVE-2025-29927.py)\n\n## Exploit Requirements\n\n- python3\n- python3:requests\n- python3:selenium\n\n## Demo\n\n![Demo](https://github.com/user-attachments/assets/1d547744-2808-430c-9c4f-0fbc1f97aff7)\n\n## Tested On\n\nNext.js Version 13.5.6\n\n## Applies To\n\n- Next.js Versions 15.0.0 - 15.2.2\n- Next.js Versions 14.0.0 - 14.2.24\n- Next.js Versions 13.0.0 - 13.5.8\n- Next.js Versions 11.1.4 - 12.3.4\n\n## Test Environment\n\n```bash\ncd vulnerable-next-app\ndocker compose up\npython3 exploit-CVE-2025-29927.py -u http://localhost:3000/admin\n```\n\n## Credits\n\n- https://nvd.nist.gov/vuln/detail/CVE-2025-29927\n- https://github.com/advisories/GHSA-f82v-jwr5-mffw\n- https://vercel.com/blog/postmortem-on-next-js-middleware-bypass\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funicordev%2Fexploit-cve-2025-29927","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funicordev%2Fexploit-cve-2025-29927","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funicordev%2Fexploit-cve-2025-29927/lists"}