Next.js: CVE-2025-29927 Walkthrough | TryHackMe
Join me as we walkthrough how to perform a recent published next.js CVE-2025-29927. The vulnerability discovered by Rachid and Yasser Allam in Next.js, revealed that it is possible to bypass authorization checks if they occur in middleware.
Patches:
For Next.js 15.x, this issue is fixed in 15.2.3
For Next.js 14.x, this issue is fixed in 14.2.25
For Next.js versions 11.1.4 thru 13.5.6 we recommend consulting the below workaround.
Original post: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
TryHackme Link: https://tryhackme.com/room/nextjscve202529927
If you want to share your knowledge or want to ask questions please feel to ask in the comment section. If you enjoyed or learn something please leave a like. And if you want to get notified whenever I upload please subscribe.
Incase you want to buy me a coffee, here is my buymeacoffee link|
https://buymeacoffee.com/netronsec
Видео Next.js: CVE-2025-29927 Walkthrough | TryHackMe канала NetronSec
Patches:
For Next.js 15.x, this issue is fixed in 15.2.3
For Next.js 14.x, this issue is fixed in 14.2.25
For Next.js versions 11.1.4 thru 13.5.6 we recommend consulting the below workaround.
Original post: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
TryHackme Link: https://tryhackme.com/room/nextjscve202529927
If you want to share your knowledge or want to ask questions please feel to ask in the comment section. If you enjoyed or learn something please leave a like. And if you want to get notified whenever I upload please subscribe.
Incase you want to buy me a coffee, here is my buymeacoffee link|
https://buymeacoffee.com/netronsec
Видео Next.js: CVE-2025-29927 Walkthrough | TryHackMe канала NetronSec
Комментарии отсутствуют
Информация о видео
29 марта 2025 г. 8:29:16
00:12:09
Другие видео канала
DLL Hijacking urlmon.dll, dismcore.dll | Hijacking dism.exe, wordpad.exe | 2025
TryHackme | CheeseCTF Walkthrough 2024 | Php Chain Filter Generator| SQLmap | Pinoy | Tagalog
![[THM] Advent of Cyber 2024 | Day 10 - Phishing](https://i.ytimg.com/vi/WBo_rX1LHsc/default.jpg)
[THM] Advent of Cyber 2024 | Day 10 - Phishing
![[THM] Advent of Cyber 2024 | Day 14 - Certificate Mismanagement | Pinoy | Tagalog](https://i.ytimg.com/vi/zoTfj4X_URc/default.jpg)
[THM] Advent of Cyber 2024 | Day 14 - Certificate Mismanagement | Pinoy | Tagalog
TryHackme | Whiterose Walkthrough 2024 | CVE-2022-29078 exploit | CVE-2023-22809| Pinoy | Tagalog
HTB | Knowledge Check 2024 | Tagalog | Pinoy Walkthrough
HTB | Getting Started 2024 | Nibbles Enumeration | Pinoy | Tagalog
TryHackme | Lookup Walkthrough 2024 | CVE-2019-9194 | Tagalog | Pinoy
HTB | Using the Metasploit Framework | Modules 2024 | Tagalog | Pinoy Walkthrough
Phishing | Delivering Malicious MS Word 2016 Macro to get a reverse shell
HTB | Getting Started | Nibbles Privileged Escalation | Pinoy | Tagalog 2024
TryHackMe | Wreath | Webserver Walkthrough 2024
Phishing | Creating Malicious MS Word 2016 Macro to get a reverse shell
Active Directory Hacking | Domain Enumeration using Ldapdomaindump 2024 | Tagalog | Pinoy
Phishing | Creating Malicious MS Word 2016 Macro via regsvr32
Active Directory Hacking | NetExec module rdp, spider_plus 2024 | Pinoy | Tagalog
Active Directory Hacking | Domain Enumeration using Bloodhound 2024 | Kali Linux | Pinoy | Tagalog
Windows Explorer CVE-2025-24071 | Walkthrough 2025 | Easily Grab NTLM Hashes
Offensive Security Tooling | Intercept Web Transactions using BurpSuite 2024 | Pinoy | Tagalog
Install Kali 2024 | How to be a Hacker | Pinoy | Tagalog |
