{"uuid": "69d69b00-ae00-4ac1-9ecf-d7246542405d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29927", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/4441", "content": "A Python (https://www.kitploit.com/search/label/Python) script to check Next.js sites for corrupt middleware (https://www.kitploit.com/search/label/Middleware) vulnerability (https://www.kitploit.com/search/label/Vulnerability) (CVE-2025-29927). The corrupt middleware vulnerability allows an attacker to bypass authentication (https://www.kitploit.com/search/label/Authentication) and access protected routes by send a custom header x-middleware-subrequest.  Next JS versions affected:  - 11.1.4 and up  [!WARNING] This tool is for educational purposes only. Do not use it on websites or systems you do not own or have explicit permission to test. Unauthorized testing may be illegal and unethical.\u00a0 Installation Clone the repo git clone https://github.com/takumade/ghost-route.git\ncd ghost-route\n Create and activate virtual environment python -m venv .venv\nsource .venv/bin/activate\n Install dependencies pip install -r requirements.txt\n Usage python ghost-route.py   \n  : Base URL of the Next.js site (e.g., https://example.com) : Protected path to test (default: /admin) : Show response headers (default: False)  Example Basic Example python ghost-route.py https://example.com /admin\n Show Response Headers (https://www.kitploit.com/search/label/Headers) python ghost-route.py https://example.com /admin True\n License MIT License Credits  CVE-2025-29927 (https://nvd.nist.gov/vuln/detail/CVE-2025-29927) Next.js and the corrupt middleware: the authorizing artifact (https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware) Rachid A. (https://x.com/zhero___) Yasser Allam (https://x.com/inzo____) \n\nDownload Ghost-Route (https://github.com/takumade/ghost-route)", "creation_timestamp": "2025-04-22T16:22:12.000000Z"}