Share
## https://sploitus.com/exploit?id=B003DB9B-C029-5BA3-85A4-E47270B4EC81
# โš›๏ธ React2Shell Exploit (CVE-2025-55182)

![Severity](https://img.shields.io/badge/Severity-Critical-red?style=flat-square)
![CVSS](https://img.shields.io/badge/CVSS-10.0-red?style=flat-square)
![Node](https://img.shields.io/badge/Node.js-v18%2B-green?style=flat-square)
![License](https://img.shields.io/badge/License-MIT-blue?style=flat-square)

A lightweight, automated Proof of Concept (PoC) and bulk scanner for the **Critical RCE vulnerability** in React Server Components (React 19 / Next.js).

**Repository:** [https://github.com/sangleshubham/React-Security-CVE-2025-55182-Exploit](https://github.com/sangleshubham/React-Security-CVE-2025-55182-Exploit)

---

## โš ๏ธ Legal Disclaimer

**FOR EDUCATIONAL AND SECURITY RESEARCH PURPOSES ONLY.**

This tool is designed to help security professionals and administrators verify the vulnerability of their own systems. The author is not responsible for any misuse, damage, or illegal acts performed using this code.
- Do not scan targets without explicit permission.
- This tool executes code on the target server. Use responsibly.

---

## ๐Ÿ” What is CVE-2025-55182?

**CVE-2025-55182** is a remote code execution vulnerability in `react-server-dom-webpack`, a core package used by **Next.js (App Router)** and **React 19**.

The vulnerability allows an unauthenticated attacker to inject malicious payloads into React Server Actions. By manipulating the deserialization process, the attacker can access the JavaScript `Function` constructor and execute arbitrary system commands on the server.

**Affected Versions:**
- `react-server-dom-webpack`: `19.0.0` - `19.2.0`
- `next`: `13.4.x`, `14.x` (pre-14.2.35), `15.x` (pre-15.5.9)

---

## ๐Ÿš€ Setup & Installation

1. **Clone the repository:**
   ```bash
   git clone [https://github.com/sangleshubham/React-Security-CVE-2025-55182-Exploit.git](https://github.com/sangleshubham/React-Security-CVE-2025-55182-Exploit.git)
   ```

2. **Navigate to the directory:**
   ```bash
   cd React-Security-CVE-2025-55182-Exploit
   ```

3. **Check Node.js version:**
   Ensure you have Node.js installed (v18 or higher is recommended).
   ```bash
   node -v
   ```
   *(Note: This script uses standard Node.js libraries, so no `npm install` is required.)*

---

## โšก How to Run the Script

The script `react2shell.js` can scan a single URL or multiple URLs at once.

### Option 1: Scan a Single Target
Run the script followed by the full URL of the target you want to test.

```bash
node react2shell.js http://localhost:3000
```

### Option 2: Scan Multiple Targets
You can provide multiple URLs separated by spaces. The tool will scan them one by one.

```bash
node react2shell.js http://localhost:3000 [http://staging.example.com](http://staging.example.com) [http://192.168.1.15](http://192.168.1.15)
```

---

## ๐Ÿ“Š Understanding the Output

- **โš ๏ธ VULNERABLE:**
  The tool successfully executed the command (`whoami`) on the server. The output will show the username (e.g., `root`, `ubuntu`).
  ```text
  Scanning http://localhost:3000 ... โš ๏ธ  VULNERABLE | Output: 0:"SUCCESS: root"
  ```

- **๐Ÿ›ก๏ธ SAFE:**
  The server rejected the payload, returned a 404, or is patched.
  ```text
  Scanning [http://google.com](http://google.com)     ... ๐Ÿ›ก๏ธ  SAFE (or different error) | Status: 404
  ```

- **โŒ CONNECT ERROR:**
  The script could not reach the server (DNS error, timeout, or server down).
  ```text
  Scanning [http://bad-url.com](http://bad-url.com)    ... โŒ CONNECT ERROR | fetch failed
  ```

---

## ๐Ÿ›ก๏ธ Mitigation

If your application is vulnerable, upgrade your dependencies immediately.

**For Next.js:**
```bash
# Next.js 14
npm install next@14.2.35 react@latest react-dom@latest

# Next.js 15
npm install next@15.5.9 react@latest react-dom@latest
```

**For other frameworks (Waku, Remix, etc):**
Ensure `react-server-dom-webpack` is upgraded to **v19.2.1** or higher.

---

## ๐Ÿ“œ License

Distributed under the MIT License. See `LICENSE` for more information.