fourcube

metadata:
    language: v2-beta
    name: "CVE-2025-29927 - Next.js middleware bypass"
    description: "Checks for differences in responses when using different x-middleware-subrequest header paths"
    author: "Chris Grieger - blueredix.com"
    tags: "next.js", "middleware"

run for each:
    middleware_value = "pages/_middleware",
                       "middleware",

ErFUN-KH

{
    "log": {
        "loglevel": "warning"
    },
    "routing": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
            {
                "type": "field",
                "ip": [

StevenACoffman

Unicode Character Look-Alikes

Original Letter	Look-Alike(s)
a	а ạ ą ä à á ą
c	с ƈ ċ
d	ԁ ɗ
e	е ẹ ė é è
g	ġ
h	һ