Share
## https://sploitus.com/exploit?id=C0D721CB-9FE1-503D-8C90-2A7D5C5E8859
# CVE-2025-55182 Lab

A hands-on lab to exploit CVE-2025-55182 (React2Shell) - Remote Code Execution in React Server Components.

## โš ๏ธ Disclaimer

**Educational purposes only.** Only test on systems you own.

---

## Quick Start
```bash
# Clone and start
git clone https://github.com/YOUR_USERNAME/cve-2025-55182-lab
cd cve-2025-55182-lab
docker-compose up -d

# Wait 20 seconds, then exploit
python3 exploit.py http://localhost:3000 "whoami"
```

**That's it!** You should see command output proving RCE.

---

## What is CVE-2025-55182?

Critical RCE vulnerability in React Server Components (CVSS 10.0).

**Affected:**
- React 19.0.0 - 19.2.0  
- Next.js 15.x - 16.0.6

**Impact:** One HTTP request = Full server control

---

## Usage

### Python Script
```bash
python3 exploit.py  

# Examples
python3 exploit.py http://localhost:3000 "whoami"
python3 exploit.py http://localhost:3000 "id"
python3 exploit.py http://localhost:3000 "ls -la"
```

### Burp Suite

Use the request in `burp-request.txt`

---

## Cleanup
```bash
docker-compose down
```

---

## Learn More

- [Blog Post](#) - Detailed explanation
- [React Advisory](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)
- [Next.js Bulletin](https://nextjs.org/blog/CVE-2025-66478)

---

**โญ Star if this helped you learn!**