
7 changes to exploits/shellcodes/ghdb

Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection
Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)
IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)
Next.js Middleware 15.2.2 - Authorization Bypass
Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload
Apache mod_proxy_cluster - Stored XSS
Apache mod_proxy_cluster 1.2.6 - Stored XSS
10 lines
No EOL
514 B
Text
# Exploit Title: Next.js Middleware Bypass Vulnerability (CVE-2025-29927)
# Date: 2025-03-26
# Exploit Author: kOaDT
# Vendor Homepage: https://nextjs.org/
# Software Link: https://github.com/vercel/next.js
# Version: 13.0.0 - 13.5.8 / 14.0.0 - 14.2.24 / 15.0.0 - 15.2.2 / 11.1.4 - 12.3.4
# Tested on: Ubuntu 22.04.5 LTS
# CVE: CVE-2025-29927
# PoC: https://raw.githubusercontent.com/kOaDT/poc-cve-2025-29927/refs/heads/main/exploit.js
# POC GitHub Repository: https://github.com/kOaDT/poc-cve-2025-29927/tree/main