## https://sploitus.com/exploit?id=4C2DA3AF-2770-51FB-8274-FE4161CF3A82
# CVE-2025-55182 - React Server Components RCE Scanner



A comprehensive tool for testing and demonstrating CVE-2025-55182, a critical pre-authentication remote code execution vulnerability in React Server Components.
## ๐ Overview
This vulnerability affects React Server Components versions:
- 19.0.0
- 19.1.0
- 19.1.1
- 19.2.0
Affected packages:
- `react-server-dom-parcel`
- `react-server-dom-turbopack`
- `react-server-dom-webpack`
The vulnerability allows unauthenticated attackers to execute arbitrary code remotely through unsafe deserialization of payloads from HTTP requests to Server Function endpoints.
## โ ๏ธ Disclaimer
**FOR EDUCATIONAL AND AUTHORIZED TESTING PURPOSES ONLY**
This tool is provided for security research and authorized penetration testing only. Unauthorized access to computer systems is illegal. Users are responsible for complying with all applicable laws and regulations. The authors assume no liability for misuse of this tool.
## ๐ Features
- **๐ณ Docker Support**: One-command deployment with Docker and Docker Compose
- **๐ Web Interface**: User-friendly web UI for non-technical users
- **๐ Local Vulnerable Environment**: Quickly spin up a vulnerable React application for testing
- **๐ฏ Remote Target Scanning**: Test external targets for vulnerability
- **โก Interactive Command Execution**: Execute arbitrary OS commands and see results
- **๐ Multiple Scan Modes**: Detection-only or full exploitation
- **๐ Detailed Reporting**: JSON and text output formats
## ๐ Prerequisites
- macOS, Linux, or Windows with WSL2
- **Option 1 (Docker - Recommended):**
- Docker Desktop installed
- **Option 2 (Local):**
- Node.js 18+ (for vulnerable app)
- Go 1.19+ or Homebrew (for Nuclei)
## ๐ ๏ธ Installation
### Quick Start (Docker - Recommended)
```bash
# Clone the repository
git clone https://github.com/StealthMoud/CVE-2025-55182-Scanner.git
cd CVE-2025-55182-Scanner
# Start the scanner with Docker
docker-compose up
# Access web interface at http://localhost:3001
```
### Full Installation Guide
See [SETUP_GUIDE.md](SETUP_GUIDE.md) for detailed step-by-step instructions.
### Quick Start Without Docker
```bash
# Clone repository
git clone https://github.com/StealthMoud/CVE-2025-55182-Scanner.git
cd CVE-2025-55182-Scanner
# Install Nuclei (macOS)
brew install nuclei
# Make scripts executable
chmod +x scripts/*.sh
```
See [QUICKSTART.md](QUICKSTART.md) for more options.
## ๐ Usage
### ๐ณ Using Docker (Easiest)
**Start Web Interface:**
```bash
docker-compose up
# Open browser: http://localhost:3001
```
**Start with Vulnerable Test App:**
```bash
docker-compose --profile with-vulnerable-app up
# Scanner: http://localhost:3001
# Vulnerable app: http://localhost:3000
```
### ๐ Using Web Interface
1. Navigate to `http://localhost:3001`
2. Choose mode:
- **Detection**: Check if target is vulnerable
- **Command Execution**: Execute OS commands
3. Enter target URL
4. Check authorization box
5. Click "Start Scan" or "Execute Command"
6. View results in real-time
### ๐ป Using Command Line
### Option 1: Test on Local Vulnerable Application
This will create and run a vulnerable React application on your localhost for testing purposes.
```bash
./scripts/setup-vulnerable-app.sh
```
This script will:
1. Create a vulnerable Next.js application
2. Install required dependencies
3. Start the application on `http://localhost:3000`
**Then test it:**
```bash
./scripts/test-local.sh
```
**Execute custom commands:**
```bash
./scripts/test-local.sh "whoami"
./scripts/test-local.sh "pwd"
./scripts/test-local.sh "ls -la"
```
### Option 2: Test Remote Target
To test if a remote target is vulnerable:
```bash
./scripts/test-remote.sh https://target.com
```
**With custom command execution:**
```bash
./scripts/test-remote.sh https://target.com "id"
```
**Test multiple targets:**
```bash
# Create a file with target URLs (one per line)
cat > targets.txt << EOF
https://target1.com
https://target2.com
https://target3.com
EOF
# Test all targets
./scripts/test-multiple.sh targets.txt
```
## ๐ฏ Manual Testing with Nuclei
### Basic Vulnerability Check
```bash
nuclei -t templates/cve-2025-55182.yaml -u http://localhost:3000 -v
```
### Execute Custom Commands
```bash
nuclei -t templates/cve-2025-55182-interactive.yaml \
-u http://localhost:3000 \
-var cmd="whoami" \
-v
```
### Test Multiple Targets
```bash
nuclei -t templates/cve-2025-55182.yaml -l targets.txt -v
```
## ๐ Project Structure
```
CVE-2025-55182-Scanner/
โโโ README.md # This file
โโโ QUICKSTART.md # Quick start guide
โโโ SETUP_GUIDE.md # Detailed setup instructions
โโโ LICENSE # License file
โโโ Dockerfile # Docker configuration
โโโ docker-compose.yml # Docker Compose configuration
โโโ templates/
โ โโโ cve-2025-55182.yaml # Detection template
โ โโโ cve-2025-55182-interactive.yaml # Interactive RCE template
โโโ scripts/
โ โโโ setup-vulnerable-app.sh # Setup local vulnerable app
โ โโโ test-local.sh # Test local instance
โ โโโ test-remote.sh # Test remote target
โ โโโ test-multiple.sh # Test multiple targets
โโโ web-ui/ # Web interface
โ โโโ server.js # Express server
โ โโโ package.json # Dependencies
โ โโโ public/
โ โโโ index.html # Frontend
โโโ vulnerable-app/ # Generated vulnerable Next.js app
โ โโโ Dockerfile # Docker config for vulnerable app
โ โโโ ...
โโโ docs/
โโโ TECHNICAL.md # Technical details
โโโ REMEDIATION.md # How to fix
```
## ๐ฌ Technical Details
The vulnerability exists in the deserialization of payloads sent to Server Function endpoints. Attackers can craft malicious payloads that exploit prototype pollution and unsafe code evaluation to achieve remote code execution.
For detailed technical analysis, see [docs/TECHNICAL.md](docs/TECHNICAL.md)
## ๐ก๏ธ Remediation
If you're running a vulnerable version:
1. **Immediate Action**: Update to a patched version
2. **Next.js users**: Update to the latest version
3. **Temporary Mitigation**: Implement input validation and WAF rules
For detailed remediation steps, see [docs/REMEDIATION.md](docs/REMEDIATION.md)
## ๐ References
- [React Security Advisory](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)
- [Facebook Security Advisory CVE-2025-55182](https://www.facebook.com/security/advisories/cve-2025-55182)
- [Next.js Security Advisory](https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp)
- [Vercel Changelog](https://vercel.com/changelog/cve-2025-55182)
- [Assetnote React2Shell Scanner](https://github.com/assetnote/react2shell-scanner)
## ๐ค Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
## ๐ License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## ๐ฅ Authors
- [@StealthMoud](https://x.com/@StealthMoud)
## โญ Acknowledgments
- ProjectDiscovery for Nuclei
- Security researchers who discovered and reported this vulnerability
- The React and Next.js teams for their rapid response
## ๐ Stay Updated
Watch this repository for updates and new features!
---
**Remember**: Only test systems you own or have explicit written permission to test. Unauthorized testing is illegal.