## https://sploitus.com/exploit?id=B5D99721-304B-57B8-9DC0-8615F2FC0D3D
**CVE-2025-55182 Vulnerability Exploitation Tool (Rust Version)**
**Project Overview**
This project is a security research tool developed in Rust, targeting the remote code execution (RCE) vulnerability present in `react-server-dom-webpack@19.0.0`. This vulnerability allows attackers to execute arbitrary code on the target server without authentication by constructing malicious Server Action requests.
**Core Features**
The tool offers several ways to exploit the vulnerability:
- **Command Execution**: Execute arbitrary Shell commands on the target server using the `vm` or `child_process` modules.
- **File Reading**: Read sensitive files on the server using the `fs` module.
- **JavaScript Execution**: Execute arbitrary JavaScript code directly on the server side.
- **Interactive Shell**: Provide an interactive interface similar to a terminal for continuous operations.
- **Vulnerability Testing**: Automate tests to determine whether the vulnerability exists.
**Technical Implementation**
The tool constructs special `multipart/form-data` requests and utilizes React Server Components’ Action mechanism to inject malicious payloads into the `$ACTION_0:0` field. The payload specifies the Node.js built-in module to be called (e.g., `vm#runInThisContext`), thereby bypassing security restrictions and executing arbitrary code.
**Disclaimer**
This project is intended solely for cybersecurity research, vulnerability analysis, and learning purposes. It aims to help users understand relevant technical principles, enhance their security awareness, and improve their protection capabilities. Before using this project, please read and agree to the following terms:
- **Use Restrictions**: This project may not be used for unauthorized penetration, attacks, intrusions, scans, or other illegal activities. Users must obtain explicit authorization from the owner of the target system before conducting any tests. Developers will not assume any responsibility for any direct or indirect losses, legal liabilities, criminal charges, data damage, or service interruptions caused by the use of this project.
- **Risk Acceptance**: Using this project implies that users voluntarily assume all risks, including violations of laws and regulations, unauthorized use, system instability, data corruption, or leakage.
- **Legal Compliance**: Users must comply with the laws and regulations of the country or region they reside in. Any illegal actions during use will be borne by the user alone.
- **Technical Reference**: All content of this project serves only as a technical reference and does not guarantee applicability in all environments. Developers do not provide maintenance, updates, or technical support. Using or continuing to use this project indicates that you have read, understood, and fully agreed to the terms of this disclaimer.