A critical vulnerability, CVE-2025-29927, has been identified in Next.js, a React-based web framework by Vercel. This flaw allows attackers to bypass middleware-based authorization checks by exploiting the x-middleware-subrequest
header.
Middleware in Next.js is widely used for tasks such as path rewriting, server-side redirects, security headers (e.g., CSP), and access control.
The vulnerability affects versions 11.1.4 through 13.5.6, 14.x before 14.2.25, and 15.x before 15.2.3.
The issue stems from a design flaw in how Next.js processes the x-middleware-subrequest
header, originally intended for internal use to prevent infinite middleware loops.
If this header contains a specific value matching the middleware’s name, the middleware execution is skipped entirely.
Attackers can exploit this by crafting requests with the appropriate header value to bypass all middleware protections.
Attackers can send an HTTP request with the following header to bypass middleware:
textGET /dashboard/admin HTTP/1.1
Host: example.com
X-Middleware-Subrequest: middleware:middleware:middleware:middleware:middleware
This grants unauthorized access to protected resources by skipping authentication and authorization checks.
The vulnerability poses severe risks:
Vercel has released patches:
x-middleware-subrequest
header at the server or load balancer level.Workarounds include:
A Nuclei detection template has been developed to identify vulnerable systems by checking for bypass scenarios using crafted headers.
CVE-2025-29927 highlights how minor implementation flaws can lead to significant security breaches. Organizations using self-hosted Next.js must urgently patch their systems or implement mitigations to avoid exploitation.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…