{"uuid": "01b9cd6e-2126-49f8-977c-f1438340c300", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29927", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/234", "content": "Next.js and the corrupt middleware: the authorizing artifact\n\n\ud83d\udc64 by Rachid Allam & Yasser Allam\n\nResearchers have discovered a critical vulnerability in Next.js, a popular framework for building web applications. The flaw allows attackers to bypass middleware responsible for request processing, including authentication and path rewrites.\n\nBy adding the x-middleware-subrequest header with a specific value, an attacker can completely ignore middleware execution, gaining unauthorized access to protected resources. Additionally, the vulnerability can be exploited for denial-of-service (DoS) attacks by poisoning the cache, leading to service disruption.\n\nMany versions of Next.js are affected, making this a widespread security concern.\n\n\ud83d\udcdd Contents:\n\u25cf The Next.js middleware\n\u25cf The authorizing artifact: old code, 0ld treasure\n    \u2022 Execution order and middlewareInfo.name\n\u25cf The authorizing artifact: nostalgia has its charm, but living in the moment is better\n    \u2022 /src directory\n    \u2022 Max recursion depth\n\u25cf Exploits\n    \u2022 Authorization/Rewrite bypass\n    \u2022 CSP bypass\n    \u2022 DoS via Cache-Poisoning (what?)\n    \u2022 Clarification\n\u25cf Security Advisory - CVE-2025-29927\n\u25cf Disclaimer\n\u25cf Conclusion\n\nhttps://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware", "creation_timestamp": "2025-03-24T06:06:47.000000Z"}