The documentation for the DevGuard Project

devguard-documentation

main

0.1.0 contacts

704-Improve-DevGuard-Setup-Guide

update-gitlab-integration-dokument

button

699-create-how-to-commit-documentation

docu-update

add-workflows-components-docus

713-Add-link-to-an-overview-of-all-the-Risk-Mitigation-Guides

Devguard-Pipeline

Badge API Documentation

Badge API

Badge API Programm ZenDiS

quay.io/jetstack/cert-manager-acmesolver

ghcr.io/l3montree-dev/devguard-operator

ghcr.io/l3montree-dev/devguard-postgresql

ghcr.io/l3montree-dev/devguard

docker.io/oryd/kratos

DevGuard Operator

Devguard Postgresql

devguard-scanner

 Devguard-Pipeline

devguard-web

devguard

devguard-action

Devguard

Robot User

Badge-API

Lars Hermges

Patrick Rissmann

Sebastian Kawelke

Tim Bastin

David Luhmer

Refaei Shikho

Frédéric Noppe

refoo0

timbastin

seb-kw

Frederic-Kenji

devguard-bot-dev[bot]

L3montree Cybersecurity

The scanner component of the devguard project

This is a scan for Devguard CI/CD components in a GitLab project, aimed at testing whether these components function correctly.

Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project

Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.

Verify Next.js CVE-2025-29927 on Netlify not vulnerable

Next.js における認可バイパスの脆弱性を再現するデモです。

This script checks if a given website running Next.js is vulnerable to CVE-2025-29927, a critical middleware bypass vulnerability.

Script to test if a web app is vulnerable to CVE-2025-29927

Next.js Acceso no autorizado CVE-2025-29927

A Nuclei template to detect CVE-2025-29927 the Next.js authentication bypass vulnerability

Next.Js 权限绕过漏洞(CVE-2025-29927)

CVE-2025-29927 Authorization Bypass in Next.js Middleware

Demo for Next.js middleware bypass - CVE-2025-29927

python script for evaluate if you are vulnerable or not to next.js CVE-2025-29927

Ghost Route detects if a Next JS site is vulnerable to the corrupt middleware bypass bug (CVE-2025-29927)

how to hack 90% of next.js created websites with CVE-2025-29927 vulnerability exploit 

A demo of the CVE-2025-29927 vulnerability for a NebraskaJS lightning talk

Este script verifica la vulnerabilidad CVE-2025-29927 en servidores Next.js, probando múltiples cargas en la cabecera x-middleware-subrequest para detectar accesos no autorizados.

CVE-2025-29927: Next.js Middleware Exploit

NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js

Nuclei Template: CVE-2025-29927 - Next.js Middleware Authentication Bypass

Critical vulnerability in next.js : Bypass middleware authentication

script to check cve "CVE-2025-29927" while waiting to add it to HExHTTP

This repository is for educational and research purposes.

This repository contains a proof of concept (POC) and an exploit script for CVE-2025-29927, a critical vulnerability in Next.js that allows attackers to bypass authorization checks implemented in middleware.

Next.js Auth Bypass Lab ‐ CVE-2025-29927

Here is a simple but effective exploit for CVE-2025-29927.

Proof-of-Concept for Authorization Bypass in Next.js Middleware

Async Python scanner for Next.js CVE-2025-29927. Uses aiohttp & aiofiles to efficiently process large URL lists, detect vulnerabilities, and save results. Features connection pooling, caching, and chunked processing for fast performance

Next.js CVE-2025-29927 Vulnerability Scanner

A basic proof of concept of the CVE-2025-29927 vulnerability that allows to bypass the middleware scripts.

This script scans a list of URLs to detect if they are using **Next.js** and determines whether they are vulnerable to **CVE-2025-29927**. It optionally attempts exploitation using a wordlist.

Sigma Rule for CVE-2025–29927 Detection

 CVE-2025-29927 Bypass Authorization Next.js 

Authorization Bypass in Next.js Middleware

CVE-2025-29927에 대한 설명 및 리서치

Next.js Middleware 15.2.2 -  Authorization Bypass

CVE-2025-29927 is a critical vulnerability in Next.js, a popular React-based web framework. The flaw exists in how the middleware feature handles certain internal headers — specifically, the x-middleware-subrequest header

PoC for CVE-2025-29927: Next.js Middleware Bypass Vulnerability. Demonstrates how x-middleware-subrequest can bypass authentication checks. Includes Docker setup for testing.

CVE-2025-29927 ~ a poc of the next.js middleware authentication bypass

Next.js CVE-2025-29927 güvenlik açığı hakkında

Research on Next.js middleware vulnerability (CVE-2025-29927) allowing authorization bypass and potential exploits.

A deliberately Next.js app, vulnerable to CVE-2025-29927, Authorization Bypass 

Simulates CVE-2025-29927, a critical Next.js vulnerability allowing attackers to bypass middleware authorization by exploiting the internal x-middleware-subrequest HTTP header. Demonstrates unauthorized access to protected routes and provides mitigation strategies.

Next.js Middleware Authorization Bypass Tool (CVE-2025-29927)

Exploit for CVE-2025-29927 (Next.js) - Authorization Bypass

CVE-2025-29927: Next.js Middleware Bypass Vulnerability

🔐 Python-based smart scanner for CVE-2025-29927 — Next.js middleware authentication bypass vulnerability. Detects meta refresh, keyword-based redirects, and more.

x-middleware exploit for next.js CVE-2023–46298 cache poisoning and CVE-2025-29927 bypass

Next.js Auth Bypass PoC Edge Runtime Env Leak via Middleware Bug

/Devguard
Group
/devguard-documentation
Repository

CVE-2025-29927

Reopen this vulnerability

Affected component

Quick Fix