## https://sploitus.com/exploit?id=631B5015-144D-585A-BC16-ADAFDE570CDE
# CVE-2025-55182 Vulnerability Detection and Exploitation Tool
## Project Introduction
This tool is a GUI tool developed using Java Swing. It is designed to detect and exploit the CVE-2025-55182 vulnerability. This vulnerability is a security flaw in the Next.js framework, allowing attackers to execute arbitrary commands through malicious requests.
## Features
### 1. Vulnerability Detection
- Supports batch URL scanning
- Conducts scans concurrently using multiple threads to improve detection speed
- Displays scan progress and count in real-time (e.g., 1/1000 (0%))
- Only displays targets with vulnerabilities; filters irrelevant information
- Supports batch detection of imported files
- Provides a stop scan function
### 2. Command Execution
- Supports execution of Linux/Windows commands
- Automatically or manually selects the target operating system
- Displays command execution results in real-time
### 3. Meme Injection
- Supports injecting memes for simple command execution
- Supports injecting Godzilla memes (with RC4 encryption)
- Automatically generates connection information and usage instructions
### 4. Reverse Shell
- Supports reverse shells for Linux/Windows
- Supports custom reverse commands
- Provides various reverse shell methods (Linux named pipes, Windows PowerShell)
## Technical Architecture
- **Development Language**: Java
- **GUI Framework**: Swing
- **Network Communication**: HttpURLConnection
- **Concurrency Handling**: ExecutorService thread pool
- **Project Management**: Maven
## Environment Requirements
- JDK 8 or higher
- Maven 3.6 or higher
## Compilation and Execution
### 1. Compile the Project
```bash
# Enter the project directory
cd CVE202555182GUI
# Compile and package
mvn clean package
```
### 2. Run the Tool
```bash
# Run the executable JAR file with dependencies
java -jar target/CVE202555182GUI-1.0-SNAPSHOT-jar-with-dependencies.jar
```
## Usage
### Vulnerability Detection
1. Enter one or more target URLs in the "Target URL" text box (one per line)
2. Or click the "Import Files" button to select a file containing a list of URLs
3. Click the "Start Scan" button to start the scan
4. The scan results will be displayed in the "Scan Results" area below
5. You can click the "Stop Scan" button to interrupt the scan process
### Command Execution
1. Enter the target URL
2. Enter the command to execute
3. Select the target operating system (auto/linux/windows)
4. Click the "Execute Command" button
5. The command execution result will be displayed in the "Execution Result" area below
### Meme Injection
1. Enter the target URL
2. Select the meme type (simple command execution/Godzilla meme)
3. Select the target operating system (auto/linux/windows)
4. Click the "Inject Meme" button
5. The injection result and connection information will be displayed in the "Injection Result" area below
### Reverse Shell
1. Enter the target URL
2. Enter the reverse shell IP and port
3. Select the target operating system (linux/windows)
4. Optional: Enter a custom reverse command
5. Click the "Inject Reverse Shell" button
6. The injection result will be displayed in the "Injection Result" area below
## Vulnerability Mechanism
The CVE-2025-55182 vulnerability is due to a security flaw in the Next.js framework when processing specific requests. Attackers can execute arbitrary commands on the server by constructing malicious multipart/form-data requests. The tool detects vulnerabilities through the following steps:
1. Construct a request containing a payload for command execution
2. Send the request to the `/_next/data` path on the target server
3. Check if the expected command execution result is included in the response
4. Determine whether a vulnerability exists based on the result
## Reference Projects
This project is based on the following open-source projects:
- [ReactExploitGUI](https://github.com/darkfiv/ReactExploitGUI) - Provides the core ideas and implementation methods for vulnerability exploitation
## Safety Tips
- This tool is only used for security testing and authorized penetration testing purposes
- Please comply with relevant laws and regulations when using this tool
- Do not use this tool on unauthorized targets
- After completing the testing, please promptly clean up the injected memes
## Notes
1. Scan Speed: By default, 10 threads are used for concurrent scanning. This number can be adjusted according to the network environment.
2. Timeout Settings: The default timeout is 10 seconds. This value can be adjusted according to the network environment.
3. Meme Connection: When using Godzilla memes, you need to download the corresponding Node.js connection plugin.
4. Reverse Shell: You need to start the corresponding listening port locally (e.g., `nc -lvvp 4444`).
## Troubleshooting
### Common Issues and Solutions
1. **Scan Progress Bar Doesn’t Move**
- Check whether the target URL is correct
- Check whether the network connection is normal
- Try reducing the number of concurrent threads
2. **Command Execution Failed**
- Confirm that the target has a vulnerability
- Ensure that the operating system selection is correct
- Check whether the command conforms to the target system syntax
3. **Meme Injection Failed**
- Confirm that the target has a vulnerability
- Check whether the network connection is stable
- Try using different types of memes
4. **Reverse Shell Cannot Connect**
- Ensure that the local listening port is started
- Check whether the network firewall settings are correct
- Confirm that the reverse shell IP and port settings are correct
- Try using a custom reverse command
## Version History
- **v1.0.0**: Initial version
- Implemented basic vulnerability detection functionality
- Implemented command execution functionality
- Implemented meme injection functionality
- Implemented reverse shell functionality
## Disclaimer
This tool is intended only for learning and authorized security testing purposes. Do not use it for illegal purposes. Any consequences resulting from using this tool are the responsibility of the user.
## Contact Information
If you have any questions or suggestions, please feel free to contact the author.