## https://sploitus.com/exploit?id=67481DBF-B1BF-5637-A169-CAB50599197D
## Hunting for CVE-2025-55182
### Using Open Source Intelligence to Identify Vulnerable (Shodan Search Engine)
- Go to [Shodan](https://www.shodan.io/).
- In the search bar, enter the following query to find devices running the vulnerable version of the Next.js framework:
```
http.component:"Next.js" 200
```

- Download in the terminal the results of the search using the Shodan CLI:
```bash
shodan download nextjs_vuln "http.component:'Next.js' 200"
```

- Filter the results to identify domains, ips are running the vulnerable version of Next.js:
```bash
shodan parse --fields ip_str nextjs_data.json.gz > ips.txt
shodan parse --fields hostnames nextjs_data.json.gz > domains.txt
```
### Verifying Vulnerability (Using this PoC scanner script [react2shell-scanner](https://github.com/assetnote/react2shell-scanner))

### PoC Exploit
- I created a simple PoC exploit to demonstrate the vulnerability. You can find it [here](/poc.py).

- Using `nuclei` to scan for the vulnerability:
```bash
cat domains.txt | nuclei -t ./nuclei-templates/http/cves/2025/CVE-2025-55182.yaml
```

### References
- https://react.dev/reference/rsc/server-functions
- https://tonyalicea.dev/blog/understanding-react-server-components/
- https://github.com/facebook/react/pull/35277/commits/e2fd5dc6ad973dd3f220056404d0ae0a8707998d
- https://developer.mozilla.org/en-US/docs/Learn_web_development/Extensions/Advanced_JavaScript_objects/Object_prototypes
- https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/Function
- https://x.com/maple3142