Share
## https://sploitus.com/exploit?id=AD82E4CF-0B25-5818-B0E2-75DDA6946A4C
# React CVE-2025-55182 Vulnerability Scanner

A bash script to scan your server for React applications vulnerable to **CVE-2025-55182** โ€” a critical remote code execution vulnerability (CVSS 10.0) in React Server Components.

## โš ๏ธ About the Vulnerability

On December 3, 2025, the React team disclosed a critical security vulnerability affecting React Server Components. An unauthenticated attacker can exploit a flaw in how React decodes payloads sent to React Server Function endpoints to achieve **remote code execution**.

**Affected packages:**
- `react-server-dom-webpack` versions 19.0.0, 19.1.0, 19.1.1, 19.2.0
- `react-server-dom-parcel` versions 19.0.0, 19.1.0, 19.1.1, 19.2.0
- `react-server-dom-turbopack` versions 19.0.0, 19.1.0, 19.1.1, 19.2.0

**Fixed versions:** 19.0.1, 19.1.2, 19.2.1

๐Ÿ“– [Official React Blog Post](https://react.dev/blog/2025/12/03/react-rsc-security-vulnerability)

## ๐Ÿš€ Quick Start

### One-liner Install & Run

```bash
curl -sSL https://raw.githubusercontent.com/umairahmadh/react-vuln-scanner/main/scan-react-vuln.sh | sudo bash
```

### Manual Installation

```bash
# Download
curl -O https://raw.githubusercontent.com/umairahmadh/react-vuln-scanner/main/scan-react-vuln.sh

# Make executable
chmod +x scan-react-vuln.sh

# Run with sudo for full system scan
sudo ./scan-react-vuln.sh
```

### System-wide Installation

```bash
sudo curl -o /usr/local/bin/scan-react-vuln https://raw.githubusercontent.com/umairahmadh/react-vuln-scanner/main/scan-react-vuln.sh
sudo chmod +x /usr/local/bin/scan-react-vuln

# Now run from anywhere
sudo scan-react-vuln
```

## ๐Ÿ“‹ What It Scans

The script scans the following locations for React applications:

| Location | Description |
|----------|-------------|
| `/root` | Root user's home directory |
| `/home/*` | All user home directories |
| `/var/www` | Common web server root |
| `/srv` | Service data directory |
| `/opt` | Optional application software |

### Exclusions (to reduce false positives)

- `node_modules/` directories
- `.cache/`, `.npm/`, `.pnpm/` directories
- WordPress directories (`wp-content/`, `wp-includes/`, `plugins/`, `themes/`)

## ๐ŸŽจ Output

The scanner provides color-coded output:

- ๐Ÿ”ด **[VULNERABLE]** - Application has vulnerable RSC packages installed
- ๐ŸŸข **[SAFE]** - Application has React but no vulnerable packages
- ๐ŸŸก **[UPDATE RECOMMENDED]** - React version that may be affected

### Example Output

```
============================================================
  React CVE-2025-55182 Vulnerability Scanner
  Critical: Remote Code Execution (CVSS 10.0)
============================================================

Scanning for React applications...

Scanning: /home/deploy (owner: deploy)
[VULNERABLE] my-nextjs-app
  Path: /home/deploy/my-nextjs-app
  Owner: deploy
    - react-server-dom-webpack@19.2.0 (VULNERABLE)
    - react@19.2.0 (UPDATE RECOMMENDED)

[SAFE] my-react-spa
  Path: /home/deploy/my-react-spa
  Owner: deploy
    - react@19.2.1

============================================================
  SCAN COMPLETE
============================================================
```

## ๐Ÿ”ง Requirements

- **Bash 4.0+** (for associative arrays)
- **Linux/macOS** (uses `find`, `grep`, `sed`)
- **Optional:** `jq` for more reliable JSON parsing

### Check your bash version:
```bash
bash --version
```

## ๐Ÿ› ๏ธ Fixing Vulnerabilities

If the scanner finds vulnerable applications, update them immediately:

### General React Apps
```bash
npm install react@latest react-dom@latest
npm install react-server-dom-webpack@latest
```

### Next.js
```bash
npm install next@15.5.7   # or latest in your release line
```

### React Router (with RSC)
```bash
npm install react@latest react-dom@latest react-server-dom-parcel@latest
```

### Waku
```bash
npm install react@latest react-dom@latest react-server-dom-webpack@latest waku@latest
```

## ๐Ÿ”’ Security Notes

- Run with `sudo` to scan all user directories
- The script is read-only and does not modify any files
- Exit code `0` = no vulnerabilities found
- Exit code `1` = vulnerabilities detected (useful for CI/CD)

## ๐Ÿ“„ License

MIT License - Free to use, modify, and distribute.

## ๐Ÿค Contributing

Pull requests welcome! Please ensure any changes:
1. Don't introduce false positives
2. Maintain backward compatibility
3. Work without `jq` installed

## ๐Ÿ“š References

- [CVE-2025-55182](https://nvd.nist.gov/vuln/detail/CVE-2025-55182)
- [React Security Advisory](https://react.dev/blog/2025/12/03/react-rsc-security-vulnerability)
- [Next.js Changelog](https://nextjs.org/docs/pages/building-your-application/upgrading)

---

Made with โค๏ธ for the React community. Stay safe! ๐Ÿ›ก๏ธ