Share
## https://sploitus.com/exploit?id=46776F1C-A3CE-5BA7-8664-DA121728E3E1
# React2Shell Scanner & PoC

Security tools for detecting **CVE-2025-55182** (React2Shell) - a critical Remote Code Execution vulnerability affecting React Server Components and Next.js applications.

## Vulnerability Overview

| Attribute | Details |
|-----------|---------|
| **CVE ID** | CVE-2025-55182 / CVE-2025-66478 |
| **CVSS Score** | 10.0 (Critical) |
| **Impact** | Unauthenticated Remote Code Execution |
| **Affected** | React 19.x, Next.js 15.x/16.x with App Router |
| **Discovered By** | Lachlan Davidson |
| **Disclosure Date** | December 3, 2025 |

## What is React2Shell?

React2Shell is a critical vulnerability in the React Server Components (RSC) "Flight" protocol that allows attackers to execute arbitrary code on the server by sending a specially crafted HTTP request - **no authentication required**.

- Default configurations are vulnerable
- Near 100% exploitation success rate
- Actively exploited in the wild

## Installation

```bash
# Clone the repository
git clone https://github.com/yourusername/react2shell-scanner.git
cd react2shell-scanner

# Install dependencies
pip install requests
```

## Tools Included

### 1. Scanner (`react2shell_scanner.py`)

Safe vulnerability detection tool for scanning Next.js applications.

```bash
# Scan single target
python react2shell_scanner.py -u https://target.com

# Scan multiple targets
python react2shell_scanner.py -l targets.txt

# Verbose output
python react2shell_scanner.py -u https://target.com -v

# JSON output
python react2shell_scanner.py -u https://target.com --json

# Save results
python react2shell_scanner.py -l targets.txt -o results.json
```

### 2. PoC (`react2shell_poc.py`)

Proof of Concept for authorized security testing.

```bash
# Safe vulnerability check (no code execution)
python react2shell_poc.py -u https://target.com --safe-check

# Verify RCE path is reachable
python react2shell_poc.py -u https://target.com --rce-check

# Dump environment variables (requires authorization)
python react2shell_poc.py -u https://target.com --env-dump

# Execute custom command (requires authorization)
python react2shell_poc.py -u https://target.com --exec "whoami"
```

## Example Output

```
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘   React2Shell PoC (CVE-2025-55182 / CVE-2025-66478)            โ•‘
โ•‘   For Authorized Security Testing Only                         โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

[*] Target: https://vulnerable-app.com
[*] Mode: Safe vulnerability detection (no code execution)
[*] Checking if target is Next.js...
[+] Next.js application detected
[*] Sending detection payload...

[+] Results:
    HTTP Status: 500
    Content-Type: text/x-component
    Error Digest: Found

[!] VULNERABLE - React2Shell (CVE-2025-55182) detected!
```

## How Detection Works

The scanner sends a **safe detection payload** that:
1. Triggers the vulnerable deserialization path
2. Causes a specific error response (HTTP 500 with `E{"digest"...}`)
3. Does **NOT** execute any code on the target

**Vulnerability Indicators:**
- HTTP 500 response status
- `E{"digest"` in response body
- `text/x-component` content type

## Remediation

If your application is vulnerable:

### Quick Fix
```bash
npx fix-react2shell-next
```

### Manual Upgrade
| Framework | Vulnerable | Patched |
|-----------|------------|---------|
| Next.js 14.x | < 14.2.35 | 14.2.35+ |
| Next.js 15.0.x | < 15.0.5 | 15.0.5+ |
| Next.js 15.1.x | < 15.1.9 | 15.1.9+ |
| Next.js 15.2.x | < 15.2.6 | 15.2.6+ |
| React 19.x | 19.0.0, 19.1.0, 19.1.1, 19.2.0 | 19.0.1, 19.1.2, 19.2.1+ |

### Post-Patch Actions
1. Rotate all secrets and API keys
2. Review logs for suspicious POST requests with `Next-Action` header
3. Check for unauthorized access or data exfiltration

## Disclaimer

**FOR AUTHORIZED SECURITY TESTING AND EDUCATIONAL PURPOSES ONLY**

- Only scan systems you own or have explicit written permission to test
- Unauthorized access to computer systems is illegal
- The authors are not responsible for any misuse or damage caused by these tools

## References

- [React2Shell Official Site](https://react2shell.com/)
- [Vercel Security Bulletin](https://vercel.com/kb/bulletin/react2shell)
- [NVD - CVE-2025-55182](https://nvd.nist.gov/vuln/detail/CVE-2025-55182)
- [Wiz Deep Dive](https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive)
- [Datadog Analysis](https://securitylabs.datadoghq.com/articles/cve-2025-55182-react2shell-remote-code-execution-react-server-components/)
- [Trend Micro Research](https://www.trendmicro.com/en_us/research/25/l/CVE-2025-55182-analysis-poc-itw.html)

## License

MIT License

---

**Stay Secure - Patch Your Applications!**