Share
## https://sploitus.com/exploit?id=534C4624-4F3A-5442-BD86-BC6B98AA0D97
## CVE-2025-55182 Next.js RCE Burp Extension

### Features

- **Passive Scan**: Automatically detects all Next.js sites that pass through Burp.
- **Automatic Exploitation**: Automatically executes `id` and `uname -a` to obtain system information after a vulnerability is detected.
- **Result List**: Displays all vulnerable sites in tabular form.
![alt text](image.png)
- **Command Execution**: Right-click on the table to execute custom commands on targets.
![alt text](image-1.png)

### Installation

1. Download `nextjs-rce-scanner-1.0.0.jar`.
2. In Burp Suite, go to **Extender** โ†’ **Extensions** โ†’ **Add**.
3. Extension type: **Java**.
4. Select the JAR file.

### Usage

1. After installing the extension, the **"Next.js RCE"** tab will appear.
2. Simply browse the website normally.
3. The extension automatically detects Next.js sites and tests for vulnerabilities.
4. Sites with detected vulnerabilities are displayed in the table.

### Manual Testing

In Burp, right-click on any request and select **"Test Next.js RCE Vulnerabilities"**.

### Command Execution

1. Right-click on the vulnerable site in the table.
2. Select **"Execute command..."**.
3. Enter the command.

### Compilation

```bash
cd CVE-2025-55182-BurpExtension
mvn clean package -DskipTests
```

The JAR file will be generated in `target/nextjs-rce-scanner-1.0.0.jar`.