CVE-2025-29927

Authorization Bypass in Next.js Middleware

CVSS 9.1 (Critical) · EPSS 98.4% · CWE-285
In short

Next.js versions from 1.11.4 up to 15.2.2 (together with the unpatched releases of the 12.x, 13.x and 14.x lines) allow an attacker to bypass authorization checks implemented in middleware by manipulating the x-middleware-subrequest header, potentially granting unauthorized access to protected resources.

Technical detail

The authorization bypass occurs when an attacker sends a request carrying a forged x-middleware-subrequest header. Next.js uses this header internally to mark sub-requests issued by its own middleware, so that the middleware is not run again on them (a guard against infinite recursion). The affected versions read the value straight from the incoming request without distinguishing internal from external origin, so a client-supplied value makes the server treat the request as an internal sub-request and skip the middleware entirely; any authorization logic living there never runs. Affected are versions from 1.11.4 up to, but not including, 12.3.5, 13.5.9, 14.2.25 and 15.2.3, which are the fixed releases. The attack needs only network access to the application, with no privileges or user interaction (AV:N/PR:N/UI:N), and results in the application's authorization controls being bypassed. Checks performed inside route handlers, API routes or server components themselves are not skipped by this flaw; only logic that lives exclusively in middleware is.
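As an added illustration (not code from this page, from Next.js itself or from any of the PoCs listed below), the following JavaScript models the trust decision behind the bug and the header-stripping mitigation on constructed requests. The skip rules modelled here (a single middleware name in the older lines, five colon-separated repetitions reaching the recursion cap in the 15.x line), the middleware name `middleware`, the `line` parameter and the cookie-based session check are assumptions made for the example; header names are assumed lowercased, as Node's `http` module delivers them.

```javascript
// Simplified model (added example, not Next.js source) of the flawed trust decision
// behind CVE-2025-29927 and of the header-stripping mitigation from the advisory.
// Everything below runs offline on constructed requests.

const SUBREQUEST_HEADER = 'x-middleware-subrequest';
const MIDDLEWARE_NAME = 'middleware';   // assumption: app uses ./middleware.ts (not src/middleware)
const MAX_RECURSION_DEPTH = 5;          // assumption: recursion cap modelled for the 15.x line

// Model of the affected server's decision. The header exists so the framework can
// recognise sub-requests its own middleware issued and avoid running it again in a
// loop. The flaw: the value is taken from the incoming request, so an external client
// can set it. `line` selects which version line's rule is modelled ('15' or older).
function shouldSkipMiddleware(headers, line) {
  const value = headers[SUBREQUEST_HEADER];
  if (!value) return false;
  const parts = value.split(':');
  if (line === '15') {
    const depth = parts.filter((p) => p === MIDDLEWARE_NAME).length;
    return depth >= MAX_RECURSION_DEPTH;
  }
  return parts.includes(MIDDLEWARE_NAME);
}

// The application's own authorization middleware: only a valid session (constructed
// cookie value) may reach anything under /admin.
function authMiddleware(req) {
  if (req.path.startsWith('/admin') && req.headers.cookie !== 'session=valid') {
    return { status: 401, body: 'unauthorized' };
  }
  return null; // fall through to the route handler
}

function routeHandler(req) {
  return { status: 200, body: `handled ${req.path}` };
}

// Vulnerable pipeline: trusts the header exactly as received from the client.
function handleVulnerable(req, line = '15') {
  if (!shouldSkipMiddleware(req.headers, line)) {
    const denied = authMiddleware(req);
    if (denied) return denied;
  }
  return routeHandler(req);
}

// Mitigation from the advisory: do not let an external request carrying the header
// reach the app. In practice this sits at the edge (reverse proxy / WAF) or is the
// first thing a custom Node entry point does; here it simply drops the header.
function sanitizeInbound(req) {
  const headers = { ...req.headers };
  delete headers[SUBREQUEST_HEADER];
  return { ...req, headers };
}

function handleHardened(req, line = '15') {
  return handleVulnerable(sanitizeInbound(req), line);
}

// Constructed sample requests.
const anonymous = { path: '/admin/users', headers: {} };
const loggedIn = { path: '/admin/users', headers: { cookie: 'session=valid' } };
const forged15 = {
  path: '/admin/users',
  headers: { [SUBREQUEST_HEADER]: Array(MAX_RECURSION_DEPTH).fill(MIDDLEWARE_NAME).join(':') },
};
const forgedOld = { path: '/admin/users', headers: { [SUBREQUEST_HEADER]: MIDDLEWARE_NAME } };

console.log(handleVulnerable(anonymous).status);       // 401
console.log(handleVulnerable(loggedIn).status);        // 200
console.log(handleVulnerable(forged15, '15').status);  // 200: middleware skipped
console.log(handleVulnerable(forgedOld, '14').status); // 200: middleware skipped
console.log(handleHardened(forged15, '15').status);    // 401
```

The sanitizer reproduces the advisory's workaround, not the upstream fix: patched releases stop trusting the client-supplied value, so stripping the header at the edge is a stopgap until the application runs a fixed version, and it must cover every path into the app (including any that bypass the proxy).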

Summary generated and translated by AI from the official description.
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
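To turn the version ranges above into a check you can run against a dependency tree, here is an added example (not the page's or Next.js's own tooling) that classifies a `next` version against the fixed releases named in the advisory and reads the installed version out of a parsed package-lock.json. The lockfile layout (`packages["node_modules/next"].version`, lockfile v2/v3) and the sample lock object are assumptions constructed for the example; pre-release tags of a fixed version (for example `15.2.3-canary.2`) are treated conservatively as affected because semver orders them before the release.

```javascript
// Added example: is an installed `next` version affected by CVE-2025-29927?
// Affected range from the advisory: >= 1.11.4 and below the fix for its line
// (12.3.5 for 12.x and earlier majors, 13.5.9, 14.2.25, 15.2.3).

const FIRST_AFFECTED = [1, 11, 4];
const FIX_LEGACY = [12, 3, 5];                       // covers majors 1..12
const FIX_FOR_MAJOR = { 13: [13, 5, 9], 14: [14, 2, 25], 15: [15, 2, 3] };

// Parse "v?MAJOR.MINOR.PATCH[-prerelease][+build]" into numbers + prerelease tag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: m[4] || null };
}

// -1, 0 or 1 for a < b, a == b, a > b on the numeric triple.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isAffectedNextVersion(version) {
  const { nums, prerelease } = parseVersion(version);
  if (cmp(nums, FIRST_AFFECTED) < 0) return false;   // older than 1.11.4
  const major = nums[0];
  let fix;
  if (major <= 12) fix = FIX_LEGACY;
  else if (major in FIX_FOR_MAJOR) fix = FIX_FOR_MAJOR[major];
  else return false;                                   // later lines start from a fixed release
  const c = cmp(nums, fix);
  if (c < 0) return true;
  if (c === 0) return prerelease !== null;             // 15.2.3-canary.x precedes 15.2.3
  return false;
}

// Resolve the installed version from a parsed package-lock.json
// (assumed lockfile v2/v3 layout: packages["node_modules/next"].version).
function installedNextVersion(lock) {
  const entry = lock.packages && lock.packages['node_modules/next'];
  return entry ? entry.version : null;
}

// Constructed sample lockfile, as `JSON.parse(fs.readFileSync('package-lock.json'))` would yield.
const sampleLock = {
  lockfileVersion: 3,
  packages: { '': { name: 'shop' }, 'node_modules/next': { version: '15.2.2' } },
};

const found = installedNextVersion(sampleLock);
console.log(found, isAffectedNextVersion(found) ? 'AFFECTED' : 'fixed'); // 15.2.2 AFFECTED
```

Run it over each deployable's lockfile (or `npm ls next --json`), not only the root package.json, because a caret range there says nothing about which release is actually resolved.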
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
vercel · next.js
Public PoCs found: 121 (the number after each entry is the count shown on the source page)

github.com/aydinnyunus/CVE-2025-29927 (99)
github.com/AnonKryptiQuz/NextSploit (91)
github.com/websecnl/CVE-2025-29927-PoC-Exploit (19)
github.com/6mile/nextjs-CVE-2025-29927 (19)
github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927 (15)
github.com/azu/nextjs-cve-2025-29927-poc (15)
github.com/UNICORDev/exploit-CVE-2025-29927 (11)
github.com/phoscoder/ghost-route (9)
github.com/MuhammadWaseem29/CVE-2025-29927-POC (9)
github.com/gotr00t0day/CVE-2025-29927 (8)
github.com/kOaDT/poc-cve-2025-29927 (7)
github.com/KaztoRay/CVE-2025-29927-Research (7)
github.com/strobes-security/nextjs-vulnerable-app (6)
github.com/HoumanPashaei/CVE-2025-29927 (5)
github.com/alihussainzada/CVE-2025-29927-PoC (5)
github.com/fourcube/nextjs-middleware-bypass-demo (5)
github.com/Ademking/CVE-2025-29927 (4)
github.com/t3tra-dev/cve-2025-29927-demo (4)
github.com/RoyCampos/CVE-2025-29927 (4)
github.com/Eve-SatOrU/POC-CVE-2025-29927 (3)
github.com/0xWhoknows/CVE-2025-29927 (3)
github.com/luq0x/0xMiddleware (3)
github.com/c0dejump/CVE-2025-29927-check (3)
github.com/EQSTLab/CVE-2025-29927 (2)
github.com/arvion-agent/next-CVE-2025-29927 (2)
github.com/pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927- (2)
github.com/kh4sh3i/CVE-2025-29927 (2)
github.com/ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927 (2)
github.com/nicknisi/next-attack (2)
github.com/emadshanab/CVE-2025-29927 (2)
github.com/TheresAFewConors/CVE-2025-29927-Testing (2)
github.com/Nekicj/CVE-2025-29927-exploit (2)
github.com/lem0n817/CVE-2025-29927 (2)
github.com/lstudlo/nextjs-cve-demo (2)
github.com/Oyst3r1ng/CVE-2025-29927 (2)
github.com/mhamzakhattak/CVE-2025-29927 (1)
github.com/kuzushiki/CVE-2025-29927-test (1)
github.com/ricsirigu/CVE-2025-29927 (1)
github.com/yugo-eliatrope/test-cve-2025-29927 (1)
github.com/jmbowes/NextSecureScan (1)
github.com/m2hcz/PoC-for-Next.js-Middleware (1)
github.com/nocomp/CVE-2025-29927-scanner (1)
github.com/w2hcorp/CVE-2025-29927-PoC (1)
github.com/Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927 (1)
github.com/alastair66/CVE-2025-29927 (1)
github.com/pixilated730/NextJS-Exploit- (1)
github.com/0xnxt1me/CVE-2025-29927 (1)
github.com/rubbxalc/CVE-2025-29927 (1)
github.com/olimpiofreitas/CVE-2025-29927-scanner (1)
github.com/moften/CVE-2025-29927_Next.js_Auth_Bypass (1)
github.com/kazuya256/next-js-auth-bypass (1)
github.com/iteride/CVE-2025-29927 (1)
github.com/sermikr0/nextjs-middleware-auth-bypass (1)
github.com/Bongni/CVE-2025-29927 (1)
github.com/liamromanis101/CVE-2025-29927-NextJS (1)
github.com/DanielHallbro/CVE-2025-29927-Nextjs-Bypass-PoC (1)
github.com/dedibagus/cve-2025-29927-poc (0)
github.com/0xb1lal/CVE-2025-29927 (0)
github.com/JOOJIII/CVE-2025-29927 (0)
github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927 (0)
github.com/Gokul-Krishnan-V-R/cve-2025-29927 (0)
github.com/fahimalshihab/NextBypass (0)
github.com/sn1p3rt3s7/NextJS_CVE-2025-29927 (0)
github.com/Balajih4kr/cve-2025-29927 (0)
github.com/YEONDG/nextjs-cve-2025-29927 (0)
github.com/furmak331/CVE-2025-29927 (0)
github.com/Si-Ni/CVE-2025-29927-Proof-of-Concept (0)
github.com/ValGrace/middleware-auth-bypass (0)
github.com/sangrok-jeon/CVE-2025-29927-Nextjs-Analysis (0)
github.com/pickovven/vulnerable-nextjs-14-CVE-2025-29927 (0)
github.com/l1uk/nextjs-middleware-exploit (0)
github.com/darklotuskdb/nextjs-CVE-2025-29927-hunter (0)
github.com/ethanol1310/POC-CVE-2025-29927- (0)
github.com/elshaheedy/CVE-2025-29927-Sigma-Rule (0)
github.com/Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation (0)
github.com/hujiaozhuzhu/CVE-2025-29927__Next.js (0)
github.com/enochgitgamefied/NextJS-CVE-2025-29927 (0)
github.com/Grand-Moomin/Vuln-Next.js-CVE-2025-29927 (0)
github.com/iSee857/CVE-2025-29927 (0)
github.com/ticofookfook/poc-nextjs-CVE-2025-29927 (0)
github.com/serhalp/test-cve-2025-29927 (0)
github.com/Hirainsingadia/CVE-2025-29927 (0)
github.com/Heimd411/CVE-2025-29927-PoC (0)
github.com/Toddkk02/CVE-2025-29927 (0)
github.com/shahin-shadow/nextjs-auth-bypass (0)
github.com/TheWaterbug/alpr-dashboard-patches (0)
github.com/EarthAngel666/x-middleware-exploit (0)
github.com/metasploit403/cve-2025-29927-lab (0)
github.com/enochgitgamefied/NextJS-CVE-2025-29927-Docker-Lab (0)
github.com/sagsooz/CVE-2025-29927 (0)
github.com/SugiB3o/vulnerable-nextjs-14-CVE-2025-29927 (0)
github.com/amitlttwo/Next.JS-CVE-2025-29927 (0)
github.com/Nayekah/Next.js-Proof-of-Concept (0)
github.com/mickhacking/Thank-u-Next (0)
github.com/sahbaazansari/CVE-2025-29927 (0)
github.com/b4sh0xf/PoC-CVE-2025-29927 (0)
github.com/rgvillanueva28/vulnbox-easy-CVE-2025-29927 (0)
github.com/s11s11/CVE-2025-29927 (0)
github.com/R3verseIN/Nextjs-middleware-vulnerable-appdemo-CVE-2025-29927 (0)
github.com/zs1n/CVE-2025-29927 (0)
github.com/MKIRAHMET/CVE-2025-29927-PoC (0)
github.com/adjscent/vulnerable-nextjs-14-CVE-2025-29927 (0)
github.com/sdrtba/CVE-2025-29927 (0)
github.com/bk-security/auth-header-trust-rules (0)
github.com/aleongx/CVE-2025-29927 (0)
github.com/w3shinew/CVE-2025-29927 (0)
github.com/gitgudKrish/cve-2025-29927-nextjs (0)
github.com/aleongx/CVE-2025-29927_Scanner (0)
github.com/maronnjapan/claude-create-CVE-2025-29927 (0)
github.com/amalpvatayam67/day10-nextjs-middleware-lab (0)
github.com/0xcucumbersalad/cve-2025-29927 (0)
github.com/kuyrathdaro/cve-2025-29927 (0)
github.com/yuzu-juice/CVE-2025-29927_demo (0)
github.com/0xPThree/next.js_cve-2025-29927 (0)
github.com/jeymo092/cve-2025-29927 (0)
github.com/SwapnilDeshpande/cve-2025-29927-lab (0)
github.com/0xPb1/Next.js-CVE-2025-29927 (0)
github.com/dante01yoon/CVE-2025-29927 (0)
github.com/ayato-shitomi/WebLab_CVE-2025-29927 (0)
github.com/Fomovet/cve-2025-29927 (0)
www.exploit-db.com/exploits/52124 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
