Share
## https://sploitus.com/exploit?id=9F2A41D5-605B-5D6E-AE06-67D47AD78DFD
# React2Shell (CVE-2025-55182) - Proof of Concept

A comprehensive proof-of-concept exploit and educational resource for CVE-2025-55182, a critical remote code execution vulnerability affecting React Server Components with a CVSS score of 10.0.

![Python Version](https://img.shields.io/badge/python-3.7+-blue.svg)
![License](https://img.shields.io/badge/license-MIT-green.svg)
![CVSS](https://img.shields.io/badge/CVSS-10.0-critical.svg)

## Legal Disclaimer

**FOR EDUCATIONAL AND AUTHORIZED TESTING PURPOSES ONLY**

This tool is provided for educational purposes and authorized security testing only. Unauthorized access to computer systems is illegal under various laws including the Computer Fraud and Abuse Act (CFAA) in the United States and similar legislation worldwide.

**You must:**
- Only use this tool on systems you own or have explicit written authorization to test
- Comply with all applicable local, state, and federal laws
- Use this tool responsibly and ethically

**The author and contributors:**
- Are not responsible for any misuse or damage caused by this tool
- Do not endorse or encourage unauthorized access to computer systems
- Provide this tool strictly for educational and defensive security purposes

By using this tool, you acknowledge that you understand and agree to these terms.

## ๐Ÿ“‹ Table of Contents

- [Overview](#overview)
- [Vulnerability Details](#vulnerability-details)
- [Affected Versions](#affected-versions)
- [Technical Analysis](#technical-analysis)
- [Installation](#installation)
- [Usage](#usage)
- [Detection](#detection)
- [Remediation](#remediation)
- [Lab Environment Setup](#lab-environment-setup)
- [References](#references)
- [Contributing](#contributing)
- [Author](#author)

## ๐ŸŽฏ Overview

React2Shell is a critical vulnerability discovered in December 2025 that affects React Server Components (RSC) and frameworks implementing them, particularly Next.js. The vulnerability allows **unauthenticated remote code execution** through a single crafted HTTP request.

This repository contains:
- โœ… Automated Python exploit script
- โœ… Detailed technical analysis
- โœ… Detection rules (Snort, OSQuery)
- โœ… Lab environment setup guide
- โœ… Comprehensive documentation

## ๐Ÿ” Vulnerability Details

| Field | Details |
|-------|---------|
| **CVE ID** | CVE-2025-55182 |
| **CVSS Score** | 10.0 (Critical) |
| **Attack Vector** | Network |
| **Attack Complexity** | Low |
| **Privileges Required** | None |
| **User Interaction** | None |
| **Impact** | Complete system compromise (RCE) |
| **Disclosure Date** | December 2025 |

### What Makes This Critical?

1. **No Authentication Required** - Exploitable by any unauthenticated attacker
2. **Default Configurations Vulnerable** - Standard Next.js apps created with `create-next-app` are exploitable
3. **High Reliability** - Near 100% exploitation success rate
4. **Wide Attack Surface** - 571,000+ public servers running React components (Shodan data)
5. **Severe Impact** - Full remote code execution with Node.js process privileges

## ๐Ÿ“ฆ Affected Versions

### React Server Components

**Vulnerable versions:**
- `react-server-dom-webpack`: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- `react-server-dom-parcel`: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- `react-server-dom-turbopack`: 19.0.0, 19.1.0, 19.1.1, 19.2.0

**Patched versions:**
- React 19.0.1
- React 19.1.2
- React 19.2.1

### Next.js

**Vulnerable versions:**
- All versions โ‰ฅ14.3.0-canary.77
- All 15.x releases (pre-patch)
- All 16.x releases (pre-patch)

**Patched versions:**
- Check Next.js releases for updated versions incorporating React patches

### Other Affected Frameworks

- React Router (when using RSC mode)
- Waku
- Redwood SDK
- Various RSC-enabled frameworks

## ๐Ÿ”ฌ Technical Analysis

### Root Cause

The vulnerability exists in the `requireModule` function within React Server Components' deserialization logic:
```javascript
function requireModule(metadata) {  
  var moduleExports = __webpack_require__(metadata[0]);  
  return moduleExports[metadata[2]];  // VULNERABLE LINE - Prototype chain traversal
}
```

The flaw allows attackers to traverse JavaScript's prototype chain through the React Flight protocol, accessing the `Function` constructor via properties like `constructor.constructor`, enabling arbitrary code execution.

### Exploitation Chain

1. **Fake Chunk Creation** - Attacker sends multipart form data with a crafted chunk object
2. **Prototype Pollution** - Exploits `__proto__` to create self-referential structure
3. **Blob Handler Abuse** - Triggers React's internal Blob deserialization handler
4. **Function Constructor Access** - Chains through `constructor.constructor` to access `Function()`
5. **Code Execution** - Injects arbitrary JavaScript via `child_process.execSync()`

### Attack Flow Diagram
```
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  Attacker sends multipart/form-data with Next-Action header โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                       โ”‚
                       โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  Server deserializes payload via React Flight protocol      โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                       โ”‚
                       โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  Fake chunk object with __proto__ pollution processed       โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                       โ”‚
                       โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  Blob handler invokes _formData.get(_prefix + id)           โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                       โ”‚
                       โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  Resolves to Function("malicious_code")                     โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                       โ”‚
                       โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  Arbitrary code executed with Node.js process privileges    โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
```

## ๐Ÿš€ Installation

### Requirements

- Python 3.7 or higher
- `requests` library

### Setup
```bash
# Clone the repository
git clone https://github.com/yourusername/react2shell-poc.git
cd react2shell-poc

# Install dependencies
pip install -r requirements.txt

# Make script executable (Linux/macOS)
chmod +x react2shell.py
```

### Requirements.txt
```
requests>=2.31.0
urllib3>=2.0.0
```

## ๐Ÿ’ป Usage

### Basic Usage
```bash
python3 react2shell.py
```

### Interactive Session
```
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘           React2Shell (CVE-2025-55182) PoC                โ•‘
โ•‘                 CVSS 10.0 - Critical RCE                  โ•‘
โ•‘                                                           โ•‘
โ•‘  Affected: React 19.0.0, 19.1.0, 19.1.1, 19.2.0          โ•‘
โ•‘           Next.js โ‰ฅ14.3.0-canary.77, 15.x, 16.x          โ•‘
โ•‘                                                           โ•‘
โ•‘  Cerberus Secure - Lab Use Only                          โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

[?] Enter target information:
    Host (e.g., localhost or 192.168.1.100): localhost
    Port (e.g., 3000): 3000

[React2Shell]> id
[*] Target: http://localhost:3000/
[*] Command: id
[*] Building exploit payload...
[*] Sending exploit request...
[+] Response Status Code: 200
[*] Parsing response...

โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘                    COMMAND OUTPUT                         โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
uid=1000(node) gid=1000(node) groups=1000(node)

[React2Shell]> whoami
[React2Shell]> pwd
[React2Shell]> ls -la
[React2Shell]> exit
```

### Example Commands
```bash
# System reconnaissance
[React2Shell]> id
[React2Shell]> whoami
[React2Shell]> uname -a
[React2Shell]> cat /etc/os-release

# File system exploration
[React2Shell]> pwd
[React2Shell]> ls -la
[React2Shell]> cat package.json

# Environment variables (often contain secrets)
[React2Shell]> printenv
[React2Shell]> echo $PATH

# Network information
[React2Shell]> ifconfig
[React2Shell]> netstat -tulpn
```

### Available Commands

| Command | Description |
|---------|-------------|
| `` | Execute command on target |
| `help` | Display help message |
| `exit` / `quit` / `q` | Exit the tool |

## ๐Ÿ›ก๏ธ Detection

### Network-Level Detection (Snort v3)

Deploy this Snort rule to detect exploitation attempts:
```bash
alert http any any -> $LAN_NETWORK any (
    msg:"Potential Next.js React2Shell / CVE-2025-55182 attempt";
    flow:to_server,established;
    content:"Next-Action"; http_header; nocase;
    content:"multipart/form-data"; http_header; nocase;
    pcre:"/Content-Disposition:\s*form-data;\s*name=\"0\"/s";
    pcre:"/\"status\"\s*:\s*\"resolved_model\"/s";
    pcre:"/\"then\"\s*:\s*\"\$1:__proto__:then\"/s";
    classtype:web-application-attack;
    sid:6655001;
    rev:1;
)
```

**Detection Logic:**
- Monitors for `Next-Action` header (RSC-specific)
- Detects `multipart/form-data` payloads
- Identifies exploit-specific patterns: `name="0"`, `status: "resolved_model"`, `then: "$1:__proto__:then"`

### Endpoint Detection (OSQuery)

Use this OSQuery rule to scan for vulnerable package versions:
```json
{
  "queries": {
    "detect_react2shell_vulnerable_packages": {
      "query": "SELECT name, version, path FROM npm_packages WHERE (name='react-server-dom-parcel' AND (version='19.0.0' OR (version >= '19.1.0' AND version = '19.1.0' AND version = '19.1.0' AND version < '19.1.2') OR version='19.2.0'));",
      "interval": 3600,
      "description": "Detects vulnerable versions of React Server Components packages affected by CVE-2025-55182",
      "platform": "linux,windows,macos",
      "version": "1.0"
    }
  }
}
```

**Benefits:**
- Scans endpoints for vulnerable packages
- Works in development, staging, and production environments
- Can be integrated into CI/CD pipelines
- Provides early warning before deployment

### Log Analysis Indicators

Look for these patterns in your application logs:
```
- HTTP POST requests with "Next-Action" header
- Unusual multipart/form-data requests to application root
- Error messages containing "NEXT_REDIRECT" with unexpected digest values
- Spike in 500 errors with React-related stack traces
- Child process spawning from Node.js (execSync, spawn, exec)
```

## ๐Ÿ”ง Remediation

### Immediate Actions

#### 1. Update Vulnerable Packages
```bash
# Check current versions
npm list react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack

# Update React to patched version
npm install react@19.2.1 react-dom@19.2.1

# Update Next.js to latest patched version
npm install next@latest

# Verify updates
npm list react react-dom next
```

#### 2. Verify Application Rebuild
```bash
# Clear cache and rebuild
rm -rf .next node_modules package-lock.json
npm install
npm run build
```

#### 3. Deploy Updated Applications

- **Development:** Test thoroughly in staging environment
- **Staging:** Validate all functionality before production
- **Production:** Deploy with appropriate rollback plan

### Long-Term Security Measures

#### 1. Implement Web Application Firewall (WAF) Rules

Block suspicious patterns:
```
- Requests with "Next-Action" header from untrusted sources
- Multipart form data with suspicious JSON structures
- Requests matching exploit signature patterns
```

#### 2. Network Segmentation

- Isolate React applications in separate network zones
- Implement strict egress filtering
- Monitor and alert on unusual outbound connections

#### 3. Runtime Application Self-Protection (RASP)

- Deploy RASP solutions to detect and block exploitation attempts
- Monitor for suspicious child process spawning
- Alert on unexpected code execution patterns

#### 4. Security Scanning in CI/CD
```yaml
# Example GitHub Actions workflow
name: Security Scan
on: [push, pull_request]

jobs:
  dependency-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Check for vulnerable React packages
        run: |
          npm audit --audit-level=critical
          npm list react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack
```

#### 5. Monitoring and Alerting

Set up alerts for:
- Deployment of vulnerable package versions
- Exploitation attempt patterns in logs
- Unexpected child process creation
- Network connections to suspicious destinations

## ๐Ÿงช Lab Environment Setup

### Option 1: Vulnerable Next.js Application
```bash
# Create a new Next.js app with vulnerable version
npx create-next-app@14.3.0 vulnerable-app
cd vulnerable-app

# Install vulnerable React version
npm install react@19.0.0 react-dom@19.0.0

# Start the development server
npm run dev
```

### Option 2: Docker Environment

Create a `Dockerfile`:
```dockerfile
FROM node:18-alpine

WORKDIR /app

# Create a basic Next.js app
RUN npx create-next-app@14.3.0 vulnerable-app --typescript --tailwind --app --no-src-dir

WORKDIR /app/vulnerable-app

# Install vulnerable React versions
RUN npm install react@19.0.0 react-dom@19.0.0

EXPOSE 3000

CMD ["npm", "run", "dev"]
```

Build and run:
```bash
docker build -t react2shell-lab .
docker run -p 3000:3000 react2shell-lab
```

### Option 3: Docker Compose

Create `docker-compose.yml`:
```yaml
version: '3.8'
services:
  vulnerable-app:
    build: .
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=development
    volumes:
      - ./app:/app/vulnerable-app
```

Run:
```bash
docker-compose up -d
```

### Verify Vulnerability

Test with curl:
```bash
curl -X POST http://localhost:3000/ \
  -H "Next-Action: x" \
  -H "Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad" \
  --data-binary @exploit_payload.txt
```

## ๐Ÿ“š References

### Official Security Advisories

- [React Security Advisory - CVE-2025-55182](https://github.com/facebook/react/security/advisories)
- [Next.js Security Advisory](https://github.com/vercel/next.js/security/advisories)
- [NVD - CVE-2025-55182](https://nvd.nist.gov/vuln/detail/CVE-2025-55182)

### Research and Analysis

- [Original PoC by maple3142](https://github.com/maple3142/CVE-2025-55182)
- [Wiz Security Research - React2Shell Analysis](https://www.wiz.io/blog/react2shell)
- [Assetnote Security Research](https://www.assetnote.io/resources/research/react2shell-cve-2025-55182)

### Detection and Mitigation

- [Snort Documentation](https://www.snort.org/documents)
- [OSQuery Documentation](https://osquery.io/docs/)
- [React Server Components Documentation](https://react.dev/reference/rsc/server-components)

### Related Vulnerabilities

- [Log4Shell (CVE-2021-44228)](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) - Similar RCE through deserialization
- [Spring4Shell (CVE-2022-22965)](https://nvd.nist.gov/vuln/detail/CVE-2022-22965) - Framework-level RCE

## ๐Ÿค Contributing

Contributions are welcome! Please follow these guidelines:

1. **Fork the repository**
2. **Create a feature branch** (`git checkout -b feature/improvement`)
3. **Commit your changes** (`git commit -am 'Add new detection method'`)
4. **Push to the branch** (`git push origin feature/improvement`)
5. **Create a Pull Request**

### Areas for Contribution

- Additional detection rules (Suricata, Zeek, etc.)
- Integration with security frameworks (MISP, TheHive, etc.)
- Enhanced payload variations
- Improved output parsing
- Additional documentation and translations

## ๐Ÿ“ License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## ๐Ÿ‘ค Author

**Tinashe**
- Position: Cybersecurity Solutions Architect
- Organization: Cerberus Secure / iConnect SA
- Location: Johannesburg, South Africa
- LinkedIn: https://www.linkedin.com/in/tinashe-matanda/
- GitHub: [@tinashelorenzi](https://github.com/tinashelorenzi)

### About Cerberus Secure

Cerberus Secure is the cybersecurity division of iConnect SA, specializing in:
- DDoS mitigation and network security
- GRC compliance (POPIA, ECT, PCI-DSS, HPCSA)
- Security architecture and solution design
- Incident response and threat intelligence
- Custom SIEM development (Olympus platform)

## ๐Ÿ™ Acknowledgments

- **maple3142** - Original proof-of-concept research
- **Wiz Security Research** - Comprehensive vulnerability analysis
- **Assetnote** - Enhanced exploitation techniques
- **React Team** - Rapid response and patch development
- **Next.js Team** - Framework-level mitigation implementation

## โš–๏ธ Responsible Disclosure

This vulnerability was responsibly disclosed by security researchers to the React team. This PoC is released after:
- Official patches have been made available
- Sufficient time for organizations to update
- Public disclosure by the React security team

**Timeline:**
- December 2025: Vulnerability discovered
- December 2025: Coordinated disclosure to React team
- December 2025: Patches released (19.0.1, 19.1.2, 19.2.1)
- December 2025: Public disclosure and PoC release

---

**Remember: Use this tool responsibly and only on systems you are authorized to test.**

*For questions, concerns, or security issues with this repository, please open an issue or contact the maintainer directly.*