NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js
Updated
Apr 12, 2025 - Python
Proof-of-Concept for Authorization Bypass in Next.js Middleware
Ghost Route detects if a Next.js site is vulnerable to the corrupt middleware bypass bug (CVE-2025-29927)
Authorization Bypass in Next.js Middleware
This repository contains a proof of concept (POC) and an exploit script for CVE-2025-29927, a critical vulnerability in Next.js that allows attackers to bypass authorization checks implemented in middleware.
Async Python scanner for Next.js CVE-2025-29927. Uses aiohttp & aiofiles to efficiently process large URL lists, detect vulnerabilities, and save results. Features connection pooling, caching, and chunked processing for fast performance
Next.js Middleware Vulnerability POC
PowerShell script to test if a web app is vulnerable to CVE-2025-29927
A Python script to test Next.js applications for middleware bypass vulnerabilities. The tool attempts various bypass techniques and captures screenshots when potential vulnerabilities are detected.
🔓 Next.js Auth Bypass Demo - Educational application demonstrating CVE-2025-29927 middleware authentication bypass vulnerability.
Multi Edit Wiki
CVE-2025-29927: Next.js Middleware Bypass Vulnerability
🚨 Next.js middleware bypass PoC using x-middleware-subrequest header 🚀
A basic proof of concept of the CVE-2025-29927 vulnerability that allows bypassing the middleware scripts.
Bash script to test if a web app is vulnerable to CVE-2025-29927