## https://sploitus.com/exploit?id=2BC02B50-0FD9-52C2-BCFD-1AB8CAB401E9
CVE-2025-55182 Advanced Scanner



Advanced penetration testing tool for detecting and exploiting CVE-2025-55182 vulnerability in Next.js applications
๐ Table of Contents
Overview
Features
Installation
Usage
Examples
Bypass Techniques
Technical Details
Disclaimer
Contributing
License
๐ Overview
CVE-2025-55182 is a critical Remote Code Execution (RCE) vulnerability affecting Next.js applications through React Server Components. This scanner provides an automated way to detect and exploit this vulnerability with various WAF bypass techniques.
CVSS Score: 9.8 (Critical)
โจ Features
Multiple Payload Variants: Different exploitation patterns
WAF Bypass Techniques: 8 different bypass methods
Custom Command Execution: Execute arbitrary system commands
Vulnerability Testing: Test-only mode for safe detection
Proxy Support: Route traffic through proxy for debugging
SSL Bypass: Option to skip SSL certificate verification
Retry Mechanism: Automatic retry on failure
Colorful Output: Easy-to-read console interface
๐ Installation
Prerequisites
Python 3.6 or higher
pip package manager
# Install dependencies
pip install -r requirements.txt
# Make the script executable (Linux/Mac)
chmod +x scanner.py
Docker Installation
bash
# Build Docker image
docker build -t cve-2025-55182-scanner .
# Run with Docker
docker run --rm cve-2025-55182-scanner -h
๐ Usage
Basic Usage
bash
# Show help
python scanner.py -h
# Test a target
python scanner.py -d http://target.com --test-only
# Execute command
python scanner.py -d http://target.com -c "whoami"
Command-line Options
Option Description Default
-d, --domain Target URL http://localhost:3000
-c, --command Command to execute id
-t, --technique Bypass technique (1-8) 1
-p, --proxy Proxy server None
-k, --insecure Skip SSL verification False
--test-only Only test for vulnerability False
-h, --help Show help message N/A
๐ Examples
Basic Exploitation
bash
# Test if target is vulnerable
python scanner.py -d http://vulnapp.com --test-only
# Execute simple command
python scanner.py -d http://vulnapp.com -c "id"
# List directory contents
python scanner.py -d https://target.com -c "ls -la" -k
# Read system file
python scanner.py -d http://localhost:3000 -c "cat /etc/passwd"
WAF Bypass Examples
bash
# Use Base64 encoding bypass
python scanner.py -d http://target.com -c "uname -a" -t 2
# Use Unicode encoding
python scanner.py -d https://target.com -c "whoami" -t 3 -k
# Use mixed techniques with proxy
python scanner.py -d http://target.com -c "pwd" -t 4 -p http://127.0.0.1:8080
# Try all techniques automatically
for i in {1..8}; do
echo "Trying technique $i"
python scanner.py -d http://target.com -c "hostname" -t $i
echo ""
done
Advanced Usage
bash
# Test multiple targets from file
for target in $(cat targets.txt); do
echo "Testing $target"
python scanner.py -d $target --test-only
done
# Save output to file
python scanner.py -d http://target.com -c "ifconfig" > output.txt
# Use with Burp Suite proxy
python scanner.py -d https://target.com -c "env" -p http://127.0.0.1:8080 -k
๐ก๏ธ Bypass Techniques
The scanner includes 8 different WAF bypass techniques:
Default Payload: Original exploitation pattern
Base64 Encoding: Encode commands in Base64
Unicode Encoding: Use Unicode character encoding
Case Manipulation: Random case variations
Double Encoding: Double URL encoding
Null Bytes: Null byte injection
Mixed Headers: Varied HTTP headers
Random Delays: Add random sleep intervals
Each technique can be selected with the -t flag.
๐ง Technical Details
Vulnerability Background
CVE-2025-55182 is a prototype pollution vulnerability in Next.js that leads to Remote Code Execution through React Server Components. The vulnerability allows attackers to execute arbitrary commands on the server.
Payload Structure
The tool uses a specially crafted multipart/form-data request with prototype pollution to achieve RCE:
Prototype Pollution: Pollutes the Promise prototype chain
Command Injection: Injects Node.js child_process execution
Result Extraction: Extracts results through redirect headers
Detection Method
The scanner sends specially crafted requests and looks for:
X-Action-Redirect headers containing command output
Specific response patterns indicating successful exploitation
Error messages that suggest vulnerability presence
โ ๏ธ Disclaimer
IMPORTANT: LEGAL AND ETHICAL USE ONLY
This tool is provided for:
Security research and education
Authorized penetration testing
Vulnerability assessment with proper permission
Defensive security purposes
DO NOT USE THIS TOOL FOR:
Unauthorized testing of systems
Illegal activities
Malicious purposes
Violating terms of service
By using this tool, you agree to:
Use it only on systems you own or have explicit permission to test
Comply with all applicable laws and regulations
Accept full responsibility for your actions
Not hold the author liable for any misuse
๐ค Contributing
Contributions are welcome! Here's how you can help:
Reporting Issues
Check if the issue already exists
Provide detailed reproduction steps
Include error messages and logs
Specify your environment details
Code Contributions
Fork the repository
Create a feature branch
Write clear commit messages
Add tests if applicable
Submit a pull request
Feature Requests
Suggest new features through GitHub issues with the "enhancement" label.
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
MIT License
Copyright (c) 2025
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
๐ References
CVE-2025-55182 Official Entry
ProjectDiscovery Nuclei Template
Next.js Security Advisories
React Server Components Documentation
โญ Star History
If you find this tool useful, please consider giving it a star on GitHub!
Remember: With great power comes great responsibility. Use this tool ethically and legally.