Share
## https://sploitus.com/exploit?id=8C2C3AB1-08BE-516E-A304-53F82AE9F067
# CVE-2025-55182 – Massive Scanner PoC

  
    CVE-2025-55182 (also referred to as “React2Shell”) is a critical Remote Code Execution (RCE) vulnerability in the React Server Components (RSC) system.
The issue occurs because the HTTP payload deserialization mechanism for “Server Functions” processes untrusted input insecurely, allowing an attacker to send a crafted request and trigger arbitrary code execution on the server — without authentication.
The vulnerability has been rated CVSS 10.0 (Critical).
  


# Affected and Fixed Versions:
### React / RSC Package
- ⚠ **Vulnerable versions:** 19.0.0, 19.1.0, 19.1.1, 19.2.0 of the RSC packages ```(react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack)```.
- ✅ **Patched versions:** 19.0.1, 19.1.2, 19.2.1.

### Frameworks / Ecosystem (e.g., Next.js):
- Any application using React Server Components (RSC) through Next.js or similar integrations may be vulnerable if it relies on the affected RSC versions.
- ⚠ **Next.js vulnerable versions:** various releases in the 15.x and 16.x series (including older canary builds using vulnerable RSC packages).
- ✅ **Patched Next.js versions include:** 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, and 16.0.7.




 How to use


### My python version:

```
C:\Users\cirqueira>python --version
Python 3.11.0
```

### Requirements:
```
requests
colorama
```
### Commands:
```
git clone https://github.com/CirqueiraDev/MassExploit-CVE-2025-55182.git
```

```
cd MassExploit-CVE-2025-55182
```

```
pip install requests colorama
```

```
python3 CVE-2025-55182.py  
```

---

 ### Owner CirqueiraDev:
 - **Discord: Cirqueira**
 - You can contact me on [**Telegram**](https://t.me/cirqueiradev) or [**Instagram**](https://www.instagram.com/sirkeirax/)
 - **Small Community about IT world, leaks and more**: [**RootNet**](https://discord.gg/r7EGGCp6sC)

> **REMEMBER: All information and code provided on this profile are for educational purposes only. The creator is not responsible for any direct or indirect damage resulting from misuse of this material. Whatever you choose to do is entirely at your own risk and responsibility.**