Share
## https://sploitus.com/exploit?id=99686142-1F10-5676-A20D-6106219F9339
# CVE-2025-55182 React2Shell Detection Tool

Detection tools for finding vulnerable React Server Components in your infrastructure.

## Quick Start

```bash
# Install dependencies
pip3 install requests

# Version detection (passive, safe for production)
python3 checker.py -u https://your-app.com
```

## What's Vulnerable

**React Server Components:**
- react-server-dom-webpack 19.0.0 - 19.2.0
- react-server-dom-turbopack 19.0.0 - 19.2.0

**Next.js:**
- 15.0.0 - 15.0.4 (ships with vulnerable React)
- 14.x and 13.5+ (if React 19 manually installed)

**Fixed in:**
- React 19.2.1+
- Next.js 15.0.5+

## Tools

### checker.py

Passive version detection. Safe to run on production without triggering alerts.

```bash
# Single target
python3 checker.py -u https://app.example.com

# Multiple targets
python3 checker.py -l targets.txt -o results.json

# Verbose mode
python3 checker.py -u https://app.example.com -v
```

Checks for version strings in package.json, JavaScript bundles, HTTP headers, and API endpoints.

### Nuclei Template

If you use Nuclei:

```bash
# Version detection
nuclei -t CVE-2025-55182-react2shell.yaml -u https://app.example.com
nuclei -t CVE-2025-55182-react2shell.yaml -l targets.txt
```

## Remediation

Update to patched versions:

```bash
npm update react-server-dom-webpack@latest
npm update next@latest
```

Verify the fix:

```bash
npm list react-server-dom-webpack next
```

## Notes

The version detection tool is safe for production and won't trigger security alerts. Use it for initial discovery and continuous monitoring.

## References

- [React Security Advisory](https://github.com/facebook/react/security/advisories/GHSA-h4p6-xr9r-2xfq)
- [React Fix PR](https://github.com/facebook/react/pull/31843)
- CVE-2025-55182