## https://sploitus.com/exploit?id=534C4624-4F3A-5442-BD86-BC6B98AA0D97
## CVE-2025-55182 Next.js RCE Burp Extension
### Features
- **Passive Scan**: Automatically detects all Next.js sites that pass through Burp.
- **Automatic Exploitation**: Automatically executes `id` and `uname -a` to obtain system information after a vulnerability is detected.
- **Result List**: Displays all vulnerable sites in tabular form.

- **Command Execution**: Right-click on the table to execute custom commands on targets.

### Installation
1. Download `nextjs-rce-scanner-1.0.0.jar`.
2. In Burp Suite, go to **Extender** โ **Extensions** โ **Add**.
3. Extension type: **Java**.
4. Select the JAR file.
### Usage
1. After installing the extension, the **"Next.js RCE"** tab will appear.
2. Simply browse the website normally.
3. The extension automatically detects Next.js sites and tests for vulnerabilities.
4. Sites with detected vulnerabilities are displayed in the table.
### Manual Testing
In Burp, right-click on any request and select **"Test Next.js RCE Vulnerabilities"**.
### Command Execution
1. Right-click on the vulnerable site in the table.
2. Select **"Execute command..."**.
3. Enter the command.
### Compilation
```bash
cd CVE-2025-55182-BurpExtension
mvn clean package -DskipTests
```
The JAR file will be generated in `target/nextjs-rce-scanner-1.0.0.jar`.