|
CVE-2025-29927
by f4b52 - Monday March 24, 2025 at 04:54 PM
|
|
03-24-2025, 04:54 PM
Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops. The security vulnerability shows it's possible to skip running Middleware, which could allow requests to bypass critical checks—such as authorization cookie validation—before reaching routes.
03-24-2025, 08:01 PM
i think john hammond did a video on this cve ?
Ban reason: Leeching | http://breachddyfwvcp4kzccos5oxtdbssmfbp...an-Appeals if you feel this is incorrect. (Permanent)
03-24-2025, 09:35 PM
(03-24-2025, 04:54 PM)f4b52 Wrote: Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops. The security vulnerability shows it's possible to skip running Middleware, which could allow requests to bypass critical checks—such as authorization cookie validation—before reaching routes.yes we look this comment
03-24-2025, 09:47 PM
lool, thx for share this cve
03-24-2025, 11:57 PM
Can't wait to check the impact of this one on some next.js applications
thanks for sharing
03-25-2025, 05:07 AM
thx share. best sharing
03-25-2025, 05:11 AM
thank you so much forr this
03-25-2025, 05:27 AM
Thank you for sharing this CVE with us
03-25-2025, 06:46 AM
Thank you for sharing this CVE with us
03-25-2025, 09:47 AM
thanks for sharing
|
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC | 3 | 73 |
02-07-2026, 03:32 PM Last Post: |
||
| POC CVE-2025-24071 | 15 | 805 |
02-07-2026, 08:53 AM Last Post: |
||
| HPE OneView RCE Exploit [CVE-2025-37164] | 8 | 261 |
02-06-2026, 07:08 PM Last Post: |
||
| CitrixBleed / CVE-2023-4966 | 10 | 6,797 |
02-06-2026, 01:36 AM Last Post: |
||
| WordPress LFI to RCE - CVE-2025-0366 | 1 | 457 |
02-05-2026, 09:53 AM Last Post: |
||
