Share
## https://sploitus.com/exploit?id=46776F1C-A3CE-5BA7-8664-DA121728E3E1
# React2Shell Scanner & PoC
Security tools for detecting **CVE-2025-55182** (React2Shell) - a critical Remote Code Execution vulnerability affecting React Server Components and Next.js applications.
## Vulnerability Overview
| Attribute | Details |
|-----------|---------|
| **CVE ID** | CVE-2025-55182 / CVE-2025-66478 |
| **CVSS Score** | 10.0 (Critical) |
| **Impact** | Unauthenticated Remote Code Execution |
| **Affected** | React 19.x, Next.js 15.x/16.x with App Router |
| **Discovered By** | Lachlan Davidson |
| **Disclosure Date** | December 3, 2025 |
## What is React2Shell?
React2Shell is a critical vulnerability in the React Server Components (RSC) "Flight" protocol that allows attackers to execute arbitrary code on the server by sending a specially crafted HTTP request - **no authentication required**.
- Default configurations are vulnerable
- Near 100% exploitation success rate
- Actively exploited in the wild
## Installation
```bash
# Clone the repository
git clone https://github.com/yourusername/react2shell-scanner.git
cd react2shell-scanner
# Install dependencies
pip install requests
```
## Tools Included
### 1. Scanner (`react2shell_scanner.py`)
Safe vulnerability detection tool for scanning Next.js applications.
```bash
# Scan single target
python react2shell_scanner.py -u https://target.com
# Scan multiple targets
python react2shell_scanner.py -l targets.txt
# Verbose output
python react2shell_scanner.py -u https://target.com -v
# JSON output
python react2shell_scanner.py -u https://target.com --json
# Save results
python react2shell_scanner.py -l targets.txt -o results.json
```
### 2. PoC (`react2shell_poc.py`)
Proof of Concept for authorized security testing.
```bash
# Safe vulnerability check (no code execution)
python react2shell_poc.py -u https://target.com --safe-check
# Verify RCE path is reachable
python react2shell_poc.py -u https://target.com --rce-check
# Dump environment variables (requires authorization)
python react2shell_poc.py -u https://target.com --env-dump
# Execute custom command (requires authorization)
python react2shell_poc.py -u https://target.com --exec "whoami"
```
## Example Output
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ React2Shell PoC (CVE-2025-55182 / CVE-2025-66478) โ
โ For Authorized Security Testing Only โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[*] Target: https://vulnerable-app.com
[*] Mode: Safe vulnerability detection (no code execution)
[*] Checking if target is Next.js...
[+] Next.js application detected
[*] Sending detection payload...
[+] Results:
HTTP Status: 500
Content-Type: text/x-component
Error Digest: Found
[!] VULNERABLE - React2Shell (CVE-2025-55182) detected!
```
## How Detection Works
The scanner sends a **safe detection payload** that:
1. Triggers the vulnerable deserialization path
2. Causes a specific error response (HTTP 500 with `E{"digest"...}`)
3. Does **NOT** execute any code on the target
**Vulnerability Indicators:**
- HTTP 500 response status
- `E{"digest"` in response body
- `text/x-component` content type
## Remediation
If your application is vulnerable:
### Quick Fix
```bash
npx fix-react2shell-next
```
### Manual Upgrade
| Framework | Vulnerable | Patched |
|-----------|------------|---------|
| Next.js 14.x | < 14.2.35 | 14.2.35+ |
| Next.js 15.0.x | < 15.0.5 | 15.0.5+ |
| Next.js 15.1.x | < 15.1.9 | 15.1.9+ |
| Next.js 15.2.x | < 15.2.6 | 15.2.6+ |
| React 19.x | 19.0.0, 19.1.0, 19.1.1, 19.2.0 | 19.0.1, 19.1.2, 19.2.1+ |
### Post-Patch Actions
1. Rotate all secrets and API keys
2. Review logs for suspicious POST requests with `Next-Action` header
3. Check for unauthorized access or data exfiltration
## Disclaimer
**FOR AUTHORIZED SECURITY TESTING AND EDUCATIONAL PURPOSES ONLY**
- Only scan systems you own or have explicit written permission to test
- Unauthorized access to computer systems is illegal
- The authors are not responsible for any misuse or damage caused by these tools
## References
- [React2Shell Official Site](https://react2shell.com/)
- [Vercel Security Bulletin](https://vercel.com/kb/bulletin/react2shell)
- [NVD - CVE-2025-55182](https://nvd.nist.gov/vuln/detail/CVE-2025-55182)
- [Wiz Deep Dive](https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive)
- [Datadog Analysis](https://securitylabs.datadoghq.com/articles/cve-2025-55182-react2shell-remote-code-execution-react-server-components/)
- [Trend Micro Research](https://www.trendmicro.com/en_us/research/25/l/CVE-2025-55182-analysis-poc-itw.html)
## License
MIT License
---
**Stay Secure - Patch Your Applications!**