Ghost-Route - Ghost Route Detects If A Next.js Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
A Python script called Ghost-Route checks Next.js websites for the CVE-2025-29927 vulnerability. This vulnerability allows unauthorized access to protected routes via a custom HTTP header. Next.js versions 11.1.4 and above are affected. The script requires cloning the repository and installing dependencies within a virtual environment. Users provide the target website's base URL and the protected path to test. An optional argument displays response headers. The tool is strictly for educational purposes and unauthorized use is discouraged. It is credited to Rachid A. Yasser Allam's research on Next.js and corrupt middleware. The script is released under the MIT License.
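For the defending side, the same bug can be hunted in request logs. The sketch below is an added example, not code from Ghost-Route: it flags requests that carried the custom header, and rates them higher when a protected path still answered with a 2xx. The header name comes from the public advisory for this CVE rather than from this page, and the JSON-lines log format, its field names and the `/dashboard` prefix are assumptions.

```python
import json

# Header named in the public advisory for CVE-2025-29927. Next.js uses it for
# its own internal subrequests, so an external client has no reason to send it.
INTERNAL_HEADER = "x-middleware-subrequest"

# Constructed sample: JSON-lines proxy log with hypothetical field names.
SAMPLE_LOG = """\
{"src": "198.51.100.7", "path": "/dashboard", "status": 307, "headers": {"User-Agent": "Mozilla/5.0"}}
{"src": "203.0.113.9", "path": "/dashboard", "status": 200, "headers": {"X-Middleware-Subrequest": "placeholder-value"}}
{"src": "203.0.113.9", "path": "/", "status": 200, "headers": {"x-middleware-subrequest": "placeholder-value"}}
not json at all
{"src": "198.51.100.7", "path": "/dashboard", "status": 200, "headers": {"Cookie": "session=..."}}
"""


def find_header_abuse(log_text, protected_prefixes=("/dashboard",)):
    """Return one finding per logged request that carried the internal header."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if not isinstance(entry, dict):
            continue
        raw = entry.get("headers")
        # HTTP header names are case-insensitive, so normalise before matching.
        headers = {str(k).lower(): v for k, v in raw.items()} if isinstance(raw, dict) else {}
        if INTERNAL_HEADER not in headers:
            continue
        path = str(entry.get("path", ""))
        status = entry.get("status")
        protected = path.startswith(tuple(protected_prefixes))
        # A 2xx on a protected path means middleware neither redirected nor denied.
        bypassed = protected and isinstance(status, int) and 200 <= status < 300
        findings.append({
            "line": lineno,
            "src": entry.get("src"),
            "path": path,
            "status": status,
            "severity": "high" if bypassed else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in find_header_abuse(SAMPLE_LOG):
        print(finding)
```

A "high" finding is worth correlating with the deployed Next.js version; a "review" finding still indicates probing, since legitimate clients do not send this header.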