Share
## https://sploitus.com/exploit?id=B9A8F538-69E8-5409-AB4E-5F4995AB68DF
# CVE-2025-55183 - Next.js RSC Server Function Source Code Disclosure

A source code disclosure vulnerability in Next.js React Server Components (RSC). A malicious HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function when the argument is stringified.

## Reference

- **Original Post**: [AndrewMohawk on X/Twitter](https://x.com/AndrewMohawk/status/1999237260529819837)

## Setup Lab

```bash
git clone https://github.com/AndrewMohawk/RSC-sample-app.git
cd RSC-sample-app
npm install
npm run dev
```

## Usage

```bash
pip install requests
python3 exp.py http://127.0.0.1:3000/a --no-proxy
```

## Disclaimer

For educational and authorized security testing purposes only.