RootSys

@RootSysAt

We deliver top-tier security services, including penetration testing, code audits, security research, hardware hacking, and AppSec reviews.

Science & Technology

Tyrol, Austria

rootsys.at

Joined July 2024

10Posts 155Followers 9Following

Pinned

RootSys

Sep 21

🚨 Next.js and the Mutated Middleware [CVE-2025-57822] - a powerful SSRF primitive enabling full control over HTTP methods, headers & URLs. See how a subtle middleware bug can result in a high-impact vulnerability: 🔗 blog.rootsys.at/posts/nextjs-a… #AppSec #Nextjs #SSRF

RootSysAt's tweet card. This post details our discovery of CVE-2025-57822, a powerful SSRF in Next.js that allows full control over HTTP methods, headers, and target URLs.

Next.js and the Mutated Middleware

Source: blog.rootsys.at

RootSys reposted

payloadartist

Oct 31

Next.js and the Mutated Middleware - interesting analysis of CVE-2025-57822 in Next.js blog.rootsys.at/posts/nextjs-a… By @RootSysAt team #bugbounty #bugbountytips

payloadartist's tweet image. Next.js and the Mutated Middleware - interesting analysis of CVE-2025-57822 in Next.js

blog.rootsys.at/posts/nextjs-a…

By @RootSysAt team

#bugbounty #bugbountytips

RootSys

Oct 24

Thank you, Clint, for featuring our research — Next.js and the Mutated Middleware!

Clint Gibler

Oct 23

📚 tl;dr sec 302 🤖 LLM Honeypot Catches Threat Actor, ⛓️ Supply Chain Compromise Survey, 😈AI-powered Malware tldrsec.com/p/tldr-sec-302

clintgibler's tweet card. Deceiving attackers with an LLM SSH honeypot, root cause analysis of 2024/2025 supply chain compromises, malware leveraging AI for stealth/better effectiveness

[tl;dr sec] #302 - LLM Honeypot Catches Threat Actor, Supply Chain Compromise Survey, AI-powered...

Source: tldrsec.com

RootSys reposted

Intigriti

Sep 28

Next.js has become one of the most popular web development frameworks 🤠 But its extensive functionality introduces multiple attack surfaces for security vulnerabilities to arise... 😬 In our latest article, we documented 3 possible ways to exploit server-side request forgery…

intigriti's tweet image. Next.js has become one of the most popular web development frameworks 🤠

But its extensive functionality introduces multiple attack surfaces for security vulnerabilities to arise... 😬

In our latest article, we documented 3 possible ways to exploit server-side request forgery…

RootSys reposted

zhero;

Sep 27

nice write-up by the authors of the SSRF vector discovery in next.js (CVE-2025-57822), on which the latest Inti CTF/chall was based :

RootSys

Sep 21

🚨 Next.js and the Mutated Middleware [CVE-2025-57822] - a powerful SSRF primitive enabling full control over HTTP methods, headers & URLs. See how a subtle middleware bug can result in a high-impact vulnerability: 🔗 blog.rootsys.at/posts/nextjs-a… #AppSec #Nextjs #SSRF

RootSysAt's tweet card. This post details our discovery of CVE-2025-57822, a powerful SSRF in Next.js that allows full control over HTTP methods, headers, and target URLs.

Next.js and the Mutated Middleware

Source: blog.rootsys.at

RootSys

Sep 17, 2024

RootSys delivers top-tier security services. Check it out at rootsys.at.

RootSysAt's tweet image. RootSys delivers top-tier security services. Check it out at rootsys.at.

Nweke Vitus

@Vitus_Nweke101

David Schekaiban

@dstmx

gass

@gass19_

bm00_

@bm00__

TitanBug

@Titan_Bug

Aseem Yash 🇮🇳

@aseemyash01

Julio

@juliocesarfort

B5T

@b_5_t

Hoeun Visai

@hoeunvisai

Jelmer de Hen

@0x4A6448

Ben

@fullstackpotato

Mr_Anonymous

@sm3552371

ChurchOfLight

@yearofthegoy

Harley Kimball

@infinitelogins

Ahmed Mohamed

@amet_moh

Vaibhav Patel

@vaibl1av

Night_Dive_C

@Chuck6703880517

mute1008

@mute1008

Ishfaq Fariq

@ishfaq_fariq

mARTinae

@mARTinae_zUZu

 𝗛𝗮𝘀𝗮𝗻 🥷🦇🔻

@hasan_zmzm

𓃶ηa𐕣

@samindunimsara

Abeeda

@abeeda01011

Laith Hamad

@LaithHamad62780

art of fugue

@bachchain

SlovenianSteve

@SlovenianSteve

︎ ︎

@0xocdsec

Arour_mohamed

@Arourmohamed01

jp / kw0

@JoshuaProvoste

shk0x

@shk0x

Erfan Tavakoli

@Maverick_0o0

Flavius

@iamflavius

xploiterr

@_xploiterr

MR180

@M4SUD_R4N4

أحمد

@radi_313

Lone_wolf

@Lonewol18464807

Eslam Salem

@net_code

Muhammad Ali

@h0j3n

Hamzah Abdlmotalb Abdullah

@HAbdullah55817

hussian

@hussian78506017

Pwnr

@pwnx0

dedo

@d3doxp

s4dum4

@s4dum4

Joshua

@popc0rn94

Pranav Bhandari

@PranavBhandari6

murilo

@0x0b4d

nuyo4h

@nuyo4h

Ambrish

@0mbrish

Erwin Kievith

@0x454b

Dominik Prodinger

@prdngr_

Hacktron AI

@HacktronAI

Electrovolt Security

@ElectrovoltSec

$S1r1u5_'s profile picture. aham nityaṃ śiṣyaḥ, jagat mama guruḥ. {~hacker~} {founder @ElectrovoltSec, @HacktronAI}$

s1r1us

@S1r1u5_

NSIDE ATTACK LOGIC

@nsideattack

James Kettle

@albinowax

LiveOverflow 🔴

@LiveOverflow

X41 D-SEC GmbH

@X41Sec

Cure53

@cure53berlin

United States Trends

1. #CashAppGreen 1,076 posts
2. hayley 16.7K posts
3. Bubba 19.6K posts
4. Rondo 2,490 posts
5. Wale 43.5K posts
6. Bill Clinton 93.7K posts
7. #FanCashDropPromotion 3,334 posts
8. Hunter Biden 14.4K posts
9. #LCxCODSweepstakes 1,024 posts
10. Bart Scott N/A
11. Summer Walker 35.6K posts
12. #FursuitFriday 13.7K posts
13. #Talus_Labs N/A
14. Ticketmaster 9,309 posts
15. Hilary Duff 2,675 posts
16. Reid Hoffman 30.4K posts
17. Vatican 12.5K posts
18. Thomas Crooks 56.4K posts
19. Morocco 117K posts
20. Jaylon Johnson 1,605 posts

Something went wrong.

Something went wrong.