## https://sploitus.com/exploit?id=B003DB9B-C029-5BA3-85A4-E47270B4EC81
# โ๏ธ React2Shell Exploit (CVE-2025-55182)




A lightweight, automated Proof of Concept (PoC) and bulk scanner for the **Critical RCE vulnerability** in React Server Components (React 19 / Next.js).
**Repository:** [https://github.com/sangleshubham/React-Security-CVE-2025-55182-Exploit](https://github.com/sangleshubham/React-Security-CVE-2025-55182-Exploit)
---
## โ ๏ธ Legal Disclaimer
**FOR EDUCATIONAL AND SECURITY RESEARCH PURPOSES ONLY.**
This tool is designed to help security professionals and administrators verify the vulnerability of their own systems. The author is not responsible for any misuse, damage, or illegal acts performed using this code.
- Do not scan targets without explicit permission.
- This tool executes code on the target server. Use responsibly.
---
## ๐ What is CVE-2025-55182?
**CVE-2025-55182** is a remote code execution vulnerability in `react-server-dom-webpack`, a core package used by **Next.js (App Router)** and **React 19**.
The vulnerability allows an unauthenticated attacker to inject malicious payloads into React Server Actions. By manipulating the deserialization process, the attacker can access the JavaScript `Function` constructor and execute arbitrary system commands on the server.
**Affected Versions:**
- `react-server-dom-webpack`: `19.0.0` - `19.2.0`
- `next`: `13.4.x`, `14.x` (pre-14.2.35), `15.x` (pre-15.5.9)
---
## ๐ Setup & Installation
1. **Clone the repository:**
```bash
git clone [https://github.com/sangleshubham/React-Security-CVE-2025-55182-Exploit.git](https://github.com/sangleshubham/React-Security-CVE-2025-55182-Exploit.git)
```
2. **Navigate to the directory:**
```bash
cd React-Security-CVE-2025-55182-Exploit
```
3. **Check Node.js version:**
Ensure you have Node.js installed (v18 or higher is recommended).
```bash
node -v
```
*(Note: This script uses standard Node.js libraries, so no `npm install` is required.)*
---
## โก How to Run the Script
The script `react2shell.js` can scan a single URL or multiple URLs at once.
### Option 1: Scan a Single Target
Run the script followed by the full URL of the target you want to test.
```bash
node react2shell.js http://localhost:3000
```
### Option 2: Scan Multiple Targets
You can provide multiple URLs separated by spaces. The tool will scan them one by one.
```bash
node react2shell.js http://localhost:3000 [http://staging.example.com](http://staging.example.com) [http://192.168.1.15](http://192.168.1.15)
```
---
## ๐ Understanding the Output
- **โ ๏ธ VULNERABLE:**
The tool successfully executed the command (`whoami`) on the server. The output will show the username (e.g., `root`, `ubuntu`).
```text
Scanning http://localhost:3000 ... โ ๏ธ VULNERABLE | Output: 0:"SUCCESS: root"
```
- **๐ก๏ธ SAFE:**
The server rejected the payload, returned a 404, or is patched.
```text
Scanning [http://google.com](http://google.com) ... ๐ก๏ธ SAFE (or different error) | Status: 404
```
- **โ CONNECT ERROR:**
The script could not reach the server (DNS error, timeout, or server down).
```text
Scanning [http://bad-url.com](http://bad-url.com) ... โ CONNECT ERROR | fetch failed
```
---
## ๐ก๏ธ Mitigation
If your application is vulnerable, upgrade your dependencies immediately.
**For Next.js:**
```bash
# Next.js 14
npm install next@14.2.35 react@latest react-dom@latest
# Next.js 15
npm install next@15.5.9 react@latest react-dom@latest
```
**For other frameworks (Waku, Remix, etc):**
Ensure `react-server-dom-webpack` is upgraded to **v19.2.1** or higher.
---
## ๐ License
Distributed under the MIT License. See `LICENSE` for more information.