A penetration testing walkthrough exploiting CVE-2025-29927, a Next.js middleware authentication bypass vulnerability, to access protected documentation. After bypassing authentication, a directory traversal flaw in the download API exposes NextAuth configuration files containing hardcoded credentials. These credentials grant