Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-29927

CRITICAL
Published 2025-03-21T14:34:49.570Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-29927. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
9.1
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.937
probability
of exploitation in the wild

There is a 93.7% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.998
Higher than 99.8% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Description

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

Available Exploits

Next.js Middleware Authorization Bypass

A critical vulnerability in Next.js middleware allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest header. This flaw affects Next.js versions prior to 14.2.25 and 15.2.3, potentially granting unauthorized access to sensitive resources.

ID: CVE-2025-29927-HEADLESS
Author: ademking Critical

References:

Related News

No news articles found for this CVE.

Affected Products

vercel

next.js

Affected Versions:

>= 11.1.4, < 12.3.5 >= 14.0.0, < 14.2.25 >= 15.0.0, < 15.2.3 >= 13.0.0, < 13.5.9

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Authorization Bypass in Next.js Middleware

GHSA-f82v-jwr5-mffw

Advisory Details

# Impact It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. # Patches * For Next.js 15.x, this issue is fixed in `15.2.3` * For Next.js 14.x, this issue is fixed in `14.2.25` * For Next.js 13.x, this issue is fixed in `13.5.9` * For Next.js 12.x, this issue is fixed in `12.3.5` * For Next.js 11.x, consult the below workaround. _Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._ # Workaround If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application. ## Credits - Allam Rachid (zhero;) - Allam Yasser (inzo_)

Affected Packages

npm next
ECOSYSTEM: ≥13.0.0 <13.5.9
npm next
ECOSYSTEM: ≥14.0.0 <14.2.25
npm next
ECOSYSTEM: ≥15.0.0 <15.2.3
npm next
ECOSYSTEM: ≥11.1.4 <12.3.5

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

WEB https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-29927
WEB https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2
WEB https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48
PACKAGE https://github.com/vercel/next.js
WEB https://github.com/vercel/next.js/releases/tag/v12.3.5
WEB https://github.com/vercel/next.js/releases/tag/v13.5.9
WEB https://security.netapp.com/advisory/ntap-20250328-0002
WEB https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware
WEB http://www.openwall.com/lists/oss-security/2025/03/23/3
WEB http://www.openwall.com/lists/oss-security/2025/03/23/4

Advisory provided by GitHub Security Advisory Database. Published: March 21, 2025, Modified: March 28, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

1 post
Reddit 2 weeks, 2 days ago
crstux
Exploit PoC

🔥 Top 10 Trending CVEs (23/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-9074](https://nvd.nist.gov/vuln/detail/CVE-2025-9074)** - 📝 A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. …

Also mentions: CVE-2025-43300 CVE-2025-9074 CVE-2025-54336 CVE-2025-21479 CVE-2025-37778 CVE-2025-1316 CVE-2024-55415 CVE-2024-36401
1
1.0
View Original High Risk

References

https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2
https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48
https://github.com/vercel/next.js/releases/tag/v12.3.5
https://github.com/vercel/next.js/releases/tag/v13.5.9
Published: 2025-03-21T14:34:49.570Z
Last Modified: 2025-04-08T15:17:05.315Z
Copied to clipboard!