VDB
CVE-2025-29927
CVE-2025-29927
PUBLISHED
Next.js ist ein Framework für React-basierte Web-Anwendungen.
EPSS 92.12% · 99.7th percentile
Risk Scores
EPSS Score
92.12%
99.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vercel | Vercel Next.js <15.2.3 | |
| Vercel | Vercel Next.js <12.3.5 | |
| Vercel | Vercel Next.js <13.5.9 | |
| Vercel | Vercel Next.js <14.2.25 |
Exploit Intelligence
- CVE-2025-29927에 대한 설명 및 리서치 (github-poc)
- CVE-2025-29927에 대한 설명 및 리서치 (github-poc)
- CVE-2025-29927에 대한 설명 및 리서치 (github-poc)
- CVE-2025-29927에 대한 설명 및 리서치 (github-poc)
- CVE-2025-29927에 대한 설명 및 리서치 (github-poc)
- CVE-2025-29927에 대한 설명 및 리서치 (github-poc)
- CVE-2025-29927에 대한 설명 및 리서치 (github-poc)
- CVE-2025-29927에 대한 설명 및 리서치 (github-poc)
- CVE-2025-29927에 대한 설명 및 리서치 (github-poc)
- CVE-2025-29927에 대한 설명 및 리서치 (github-poc)
…and 2416 more exploits
Timeline
- CVE Published
- Jun 28, 2021 PoC Published
- Apr 24, 2022 CrowdSec Sighting
- May 5, 2022 CrowdSec Sighting
- May 11, 2022 CrowdSec Sighting
- May 25, 2022 CrowdSec Sighting
- Oct 26, 2022 CrowdSec Sighting
- Jan 4, 2023 CrowdSec Sighting
- Sep 11, 2023 CrowdSec Sighting
- Nov 21, 2023 CrowdSec Sighting
- Nov 25, 2023 CrowdSec Sighting
- Nov 27, 2023 CrowdSec Sighting
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0627.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0627 advisory
- https://nextjs.org/blog/cve-2025-29927 advisory
- https://github.com/advisories/GHSA-f82v-jwr5-mffw advisory
- https://github.com/websecnl/CVE-2025-29927-PoC-Exploit exploit
- https://github.com/vercel/next.js/releases advisory
- https://beelzebub.ai/blog/threat-huntinga-analysis-of-a-nextjs-exploit-campaign/ exploit
- CVE-2025-29927: Authorization Bypass in Next.js third-party-analysis