Share
## https://sploitus.com/exploit?id=A97630EC-FB95-5996-B395-CEE53490F5F1
# CVE-2025-55182 (React2Shell) Vulnerability Target

## Vulnerability Description
A RCE vulnerability in React Server Components, allowing unauthorized remote code execution. The attack occurs on the server side through prototype pollution attacks. ## Affected Versions
- Next.js: 16.0.6 (and similar versions 15.x/16.x)
- React: 19.2.0

## Setup Environment
1. Clone the repository: `git clone https://github.com/yourusername/react2shell-vuln-target.git`
2. Enter the directory: `cd cve-2025-55182`
3. Build and start the application: `docker-compose up -d`
4. Access the application: http://localhost:3000 (Confirm the application is running)

## Test the Vulnerability
- Use a public POC for testing (high level): Send a custom POST request to the root path, containing a Next-Action header and a multipart/form-data payload, simulating prototype pollution leading to RCE. Example tools: curl or Python script (refer to the POC repository on GitHub, such as msanft/CVE-2025-55182). Verification: Check if commands are executed inside the container (e.g., using docker logs).

## Fixing Suggestions
Update to Next.js 16.0.7+ and React 19.2.1+. ## References
- CVE details: https://securitylabs.datadoghq.com/articles/cve-2025-55182-react2shell-remote-code-execution-react-server-components
- POC: https://github.com/msanft/CVE-2025-55182