9.1
CRITICAL
CVE-2025-29927
Next.js Authorization Bypass in Middleware
Description

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

INFO

Published Date :

March 21, 2025, 3:15 p.m.

Last Modified :

April 8, 2025, 2:15 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.2

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2025-29927 has a 275 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-29927 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Vercel next.js

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

JavaScript TypeScript CSS

Updated: 10 hours, 56 minutes ago
0 stars 0 fork 0 watcher
Born at : May 22, 2025, 7:26 a.m. This repo has been linked 1 different CVEs too.

None

TypeScript JavaScript CSS

Updated: 16 hours, 32 minutes ago
0 stars 0 fork 0 watcher
Born at : May 22, 2025, 3:01 a.m. This repo has been linked 1 different CVEs too.

None

JavaScript TypeScript CSS

Updated: 20 hours, 57 minutes ago
0 stars 0 fork 0 watcher
Born at : May 21, 2025, 10:39 p.m. This repo has been linked 1 different CVEs too.

None

JavaScript TypeScript CSS

Updated: 1 day, 10 hours ago
0 stars 0 fork 0 watcher
Born at : May 21, 2025, 9:30 a.m. This repo has been linked 1 different CVEs too.

BornToDevProjectFinal

JavaScript TypeScript CSS

Updated: 1 day, 13 hours ago
0 stars 0 fork 0 watcher
Born at : May 21, 2025, 6:36 a.m. This repo has been linked 1 different CVEs too.

dashboard feito template em nextjs v15 +

JavaScript TypeScript CSS

Updated: 2 days ago
0 stars 0 fork 0 watcher
Born at : May 20, 2025, 7:35 p.m. This repo has been linked 1 different CVEs too.

TailAdmin is a Next.js and Tailwind CSS free, open-source admin dashboard template. Provides developers with the necessary tools, components, pages to build a full-featured back-end, dashboard, or admin panel for any web project.

JavaScript TypeScript CSS

Updated: 1 day, 1 hour ago
1 stars 0 fork 0 watcher
Born at : May 20, 2025, 5:02 p.m. This repo has been linked 1 different CVEs too.

Kutip is a smart waste management system designed to improve the efficiency, visibility, and accountability of urban bin collection operations. It combines real-time bin tracking, IoT-driven data collection, and an admin dashboard to optimize waste collection routes and ensure timely pickups.

JavaScript TypeScript CSS

Updated: 2 days, 4 hours ago
0 stars 0 fork 0 watcher
Born at : May 20, 2025, 2:36 p.m. This repo has been linked 1 different CVEs too.

None

JavaScript TypeScript Python CSS

Updated: 2 days, 18 hours ago
0 stars 0 fork 0 watcher
Born at : May 20, 2025, 1:04 a.m. This repo has been linked 1 different CVEs too.

None

JavaScript TypeScript CSS

Updated: 2 days, 22 hours ago
0 stars 0 fork 0 watcher
Born at : May 19, 2025, 9:30 p.m. This repo has been linked 1 different CVEs too.

None

JavaScript TypeScript CSS

Updated: 3 days, 6 hours ago
0 stars 0 fork 0 watcher
Born at : May 19, 2025, 12:45 p.m. This repo has been linked 1 different CVEs too.

None

JavaScript TypeScript CSS

Updated: 3 days, 11 hours ago
0 stars 0 fork 0 watcher
Born at : May 19, 2025, 6:42 a.m. This repo has been linked 1 different CVEs too.

None

JavaScript TypeScript CSS

Updated: 2 days, 19 hours ago
0 stars 0 fork 0 watcher
Born at : May 19, 2025, 6:32 a.m. This repo has been linked 1 different CVEs too.

自动抓取微信公众号安全漏洞文章,转换为Markdown格式并建立本地知识库,每日持续更新。本项目基于 [原版wxvl](https://github.com/20142995/wxvl) 进行扩展。

Python

Updated: 1 day, 23 hours ago
1 stars 0 fork 0 watcher
Born at : May 19, 2025, 4:32 a.m. This repo has been linked 3 different CVEs too.

None

JavaScript TypeScript CSS

Updated: 3 days, 18 hours ago
0 stars 0 fork 0 watcher
Born at : May 19, 2025, 1:09 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-29927 vulnerability anywhere in the article.

  • Help Net Security
Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft’s new AI agents take on phishing, patching, alert fatigue Microsoft is rolling out a new gen ... Read more

Published Date: Mar 30, 2025 (1 month, 3 weeks ago)
  • The Register
CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug

CrushFTP's CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer tech disclosed almost a week ago. Accor ... Read more

Published Date: Mar 27, 2025 (1 month, 3 weeks ago)
  • The Hacker News
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

Vulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to it ... Read more

Published Date: Mar 27, 2025 (1 month, 3 weeks ago)
  • Hackread - Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Next.js Middleware Flaw Lets Attackers Bypass Authorization

A recent collaborative effort by researchers Rachid Allam and Yasser Allam has exposed a critical vulnerability within the Next.js framework, a widely used JavaScript framework based on React with nea ... Read more

Published Date: Mar 26, 2025 (1 month, 3 weeks ago)
  • Cyber Security News
CrushFTP HTTPS Port Vulnerability Leads to Unauthorized Access

Two critical vulnerabilities have been identified in widely used software: CrushFTP and Next.js. CrushFTP, a file transfer solution, contains a vulnerability allowing unauthorized access through stand ... Read more

Published Date: Mar 26, 2025 (1 month, 3 weeks ago)

The following table lists the changes that have been made to the CVE-2025-29927 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    Apr. 08, 2025

    Action Type Old Value New Value
    Changed Description Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3. Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
    Added Reference https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2
    Added Reference https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48
    Added Reference https://github.com/vercel/next.js/releases/tag/v12.3.5
    Added Reference https://github.com/vercel/next.js/releases/tag/v13.5.9
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Mar. 28, 2025

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20250328-0002/
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Mar. 23, 2025

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2025/03/23/3
    Added Reference http://www.openwall.com/lists/oss-security/2025/03/23/4
  • New CVE Received by [email protected]

    Mar. 21, 2025

    Action Type Old Value New Value
    Added Description Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    Added CWE CWE-285
    Added Reference https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-29927 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-29927 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
© cvefeed.io
Latest DB Update: May. 22, 2025 19:40