nuclei-templates/headless/cves/2025/CVE-2025-29927-HEADLESS.yaml
2026-01-25 02:46:43 +00:00


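# Version-based (passive) check for CVE-2025-29927 in Next.js.
#
# The template loads the target in a headless browser, reads the framework
# version the page exposes as `window.next.version`, and compares it with the
# affected ranges below. It never sends the x-middleware-subrequest header, so
# a match means "the reported version falls in an affected range", not "an
# authorization bypass was confirmed". Triage each hit against the deployment:
# whether middleware actually enforces authorization, and whether a proxy or
# hosting layer in front of the application already drops that header.
#
# NOTE: the trailing `# digest:` line is a signature over the template
# content. Any edit, including this one, invalidates it; re-sign the template
# before distributing it as a verified template.
id: CVE-2025-29927-HEADLESS

info:
  name: Next.js Middleware Authorization Bypass
  author: ademking
  severity: critical
  description: |
    A critical vulnerability in Next.js middleware allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest header. This flaw affects Next.js versions prior to 14.2.25 and 15.2.3, potentially granting unauthorized access to sensitive resources.
  impact: |
    Unauthenticated attackers can bypass middleware authorization checks by manipulating the x-middleware-subrequest header, gaining unauthorized access to protected Next.js application routes and sensitive resources.
  remediation: |
    Upgrade to Next.js version 14.2.25, 15.2.3 or later that properly validates middleware subrequest headers.
  reference:
    - https://github.com/advisories/GHSA-f82v-jwr5-mffw
    - https://nvd.nist.gov/vuln/detail/CVE-2025-29927
    - https://www.tenable.com/cve/CVE-2025-29927
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2025-29927
    cwe-id: CWE-285
    epss-score: 0.92896
    epss-percentile: 0.99759
  metadata:
    vendor: vercel
    product: Next.js
    framework: node.js
  tags: cve,cve2025,headless,nextjs,vkev,passive,vuln

headless:
  - steps:
      - args:
          url: "{{BaseURL}}"
        action: navigate

      # Let the page settle so the client-side runtime has had a chance to
      # define `window.next` before the script step reads it.
      - action: waitstable

      # Result is stored under the step name and used below as
      # `nextjs_version`. An empty string is returned when the page does not
      # expose a version; presumably compare_versions() does not match on an
      # empty value - confirm against the engine in use.
      # The value comes from the page's own JavaScript, so it can be missing,
      # stripped by the build, or misreported: absence of a match is not
      # evidence that the application is patched.
      - action: script
        name: nextjs_version
        args:
          code: |
            () => {
              if (!window.next || !window.next.version) {
                return "";
              }
              return window.next.version;
            }

    extractors:
      - type: dsl
        part: nextjs_version
        dsl:
          - '"Vulnerable Next.js => " + nextjs_version'

    matchers:
      - type: dsl
        dsl:
          # NOTE(review): a single range spans the 11.x-13.x release lines.
          # Check the per-branch fixed releases in the advisory listed under
          # `reference` and split this range if older branches received their
          # own patched versions; left unchanged here.
          - "compare_versions(nextjs_version, '>= 11.1.4', '<= 13.5.6')"
          # Lower bounds are inclusive: the description states that versions
          # prior to 14.2.25 / 15.2.3 are affected, which includes the x.0.0
          # releases that a strict '>' comparison would silently skip.
          - "compare_versions(nextjs_version, '>= 14.0.0', '< 14.2.25')"
          - "compare_versions(nextjs_version, '>= 15.0.0', '< 15.2.3')"
        condition: or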
# digest: 4a0a00473045022100c6fdb2801f0f4acef31c75668519e4dc0cbf2a826b93af07f40c4223f6342e3b02207967c6c03f6842511816efb2ffed5c2ef727745813f97eb331debf7fcb6ea37f:922c64590222798bb761d5b6d8e72950