The researchers who found the Next.js middleware vulnerability (CVE-2025-29927) have released the full paper: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
Notable is that the auth bypass requires the x-middleware-subrequest value to be one of these two forms:
middleware:middleware:middleware:middleware:middleware OR
src/middleware:src/middleware:src/middleware:src/middleware:src/middleware
HD Moore /
npub183…fz7sj
2025-03-23 17:44:56
Author Public Key
npub183jlg550rkcz46gv688rcj2d4ap9cxxut5lg2naehae62hlrlnfs2fz7sjSeen on
wss://relay.nostr.bandPublished at
2025-03-23 17:44:56Event JSON
{
"id": "4cdca8dea3fdea146e2cc9b42b0ee34df68060e3144f84d7ecc1879df5818369",
"pubkey": "3c65f4528f1db02ae90cd1ce3c494daf425c18dc5d3e854fb9bf73a55fe3fcd3",
"created_at": 1742751896,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/hdm/statuses/114212988320783557",
"activitypub"
]
],
"content": "The researchers who found the Next.js middleware vulnerability (CVE-2025-29927) have released the full paper: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware \n\nNotable is that the auth bypass requires the x-middleware-subrequest value to be one of these two forms:\nmiddleware:middleware:middleware:middleware:middleware OR \nsrc/middleware:src/middleware:src/middleware:src/middleware:src/middleware",
"sig": "8739ba6f675a9b876189a843a8acda1ff128de6048576d8419ba976f721c83f7e5e8583577b8aeeebd3bb0276b045a2dc6dbdf1d088d6a5705d49fa206dfdafd"
}