JOIN BREACHFORUMS TELEGRAM
!Next.js Middleware Bypass (CVE-2025-29927)
by Rat1337 - Sunday March 30, 2025 at 06:53 PM
Breached
Member
Posts: 6
Threads: 2
Joined: Mar 2025
Reputation: 0
#1
Mar 30, 2025, 06:53 PM
CVE-2025-29927 is a critical vulnerability in Next.js that allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest
header. This affects versions prior to 14.2.25, 15.2.3, 13.5.9, and 12.3.5. Exploiting this flaw could grant unauthorized access to protected routes. To fix this, update Next.js to the latest patched versions. Additionally, implement secondary validation by adding authentication checks in your API routes, ensuring security isn't reliant solely on middleware.


Hidden Content
You must register or login to view this content.
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Oct 2023
Reputation: 0
#2
Mar 31, 2025, 10:59 AM
thank you for sharing this, cant wait to have a look
Reply
Breached
Member
Posts: 19
Threads: 0
Joined: Dec 2024
Reputation: 0
#3
Mar 31, 2025, 04:46 PM
yeahhhh very nice maboyyy
Reply
Banned

Posts: 42
Threads: 0
Joined: Jan 2024
Reputation: 0
#4
Apr 01, 2025, 07:41 AM
thank you for sharing this, cant wait to have a look

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching.
Reply
Breached
Member
Posts: 2
Threads: 0
Joined: Apr 2025
Reputation: 0
#5
Apr 01, 2025, 09:26 PM
thank you for sharing this, cant wait to have a look
Reply
Breached
Member
Posts: 11
Threads: 0
Joined: Aug 2023
Reputation: 0
#6
Apr 02, 2025, 11:27 AM
thanks for the bypass
Reply
Breached
Member
Posts: 47
Threads: 1
Joined: Mar 2025
Reputation: 0
#7
Apr 05, 2025, 02:30 PM
thank you for sharing this dude
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Apr 2025
Reputation: 0
#8
Apr 05, 2025, 02:31 PM
thanks sir for sharing this dude
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Mar 2025
Reputation: 0
#9
Apr 05, 2025, 07:33 PM (This post was last modified: Apr 05, 2025, 07:33 PM by gg_tt.)
(Mar 30, 2025, 06:53 PM)Rat1337 Wrote: CVE-2025-29927 is a critical vulnerability in Next.js that allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest
header. This affects versions prior to 14.2.25, 15.2.3, 13.5.9, and 12.3.5. Exploiting this flaw could grant unauthorized access to protected routes. To fix this, update Next.js to the latest patched versions. Additionally, implement secondary validation by adding authentication checks in your API routes, ensuring security isn't reliant solely on middleware.

nice bro
[/url]
(Mar 30, 2025, 06:53 PM)Rat1337 Wrote: CVE-2025-29927 is a critical vulnerability in Next.js that allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest
header. This affects versions prior to 14.2.25, 15.2.3, 13.5.9, and 12.3.5. Exploiting this flaw could grant unauthorized access to protected routes. To fix this, update Next.js to the latest patched versions. Additionally, implement secondary validation by adding authentication checks in your API routes, ensuring security isn't reliant solely on middleware.

nice bro
[url=https://breachforums.rs/search.php?action=finduser&uid=47627]
Reply
Breached
Member
Posts: 5
Threads: 0
Joined: Jul 2024
Reputation: 0
#10
Apr 05, 2025, 08:56 PM
lets see what we got here
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Cisco Secure Firewall Management Center(CVE-2026-20131) DirtyEra 0 26 46 minutes ago
Last Post: DirtyEra
  POC CVE-2025-24071 caca28sapo1 16 1,095 7 hours ago
Last Post: ucy
  Google Dorks for finding SQL injection vulnerabilities and other security issues 1yush 68 3,477 7 hours ago
Last Post: 89UI
  New Zer0 Day Wordpress A3g00n 82 3,791 May 09, 2026, 01:14 PM
Last Post: wker
  {SECRET} DATABASE OF EXPLOITS lulagain 440 27,807 May 07, 2026, 09:44 PM
Last Post: caribou

Forum Jump:


 Users browsing this forum: 1 Guest(s)