## https://sploitus.com/exploit?id=DF933929-D22C-5003-A011-89EB398B99AE
# CVE-2025-55182 Toolkit & Lab (Educational Only)
Lightweight Go toolkit plus a Dockerized Next.js lab to explore and triage CVE-2025-55182. **For educational and authorized testing only.**
## Features
- Single binary with subcommands:
- `checker`: fast, concurrent inventory scan (single target, file, or stdin), heuristic for RSC exposure, JSON output per target, final summary, optional `-only-vuln`, `-no-progress`, custom `-ua`.
- `poc`: sends the exploit-style RSC multipart request and prints the returned digest; supports custom command via `-c` (default `id`).
- Concurrency control (`-c`), timeouts, and progress stats.
- Tolerant target input: `-target`, `-list`, or `-stdin`; auto-prepends `https://` when missing scheme.
- Lab environment (`vulnlab/`) with Next.js 15.5.6/React 19, Dockerfile and `docker-compose.yml` pinned to localhost:3000 for safe repro.
## Build
```bash
cd checker
GOCACHE=/tmp/go-cache go build -o CVE-2025-55182 ./cmd/CVE-2025-55182
```
Set `GOCACHE` if your environment has cache permission issues.
## Usage
```bash
# Scanner
./CVE-2025-55182 checker -target https://example.com
./CVE-2025-55182 checker -list ../targets.txt -c 50 -only-vuln
cat ../targets.txt | ./CVE-2025-55182 checker -stdin -no-progress
# PoC (exploit-style request)
./CVE-2025-55182 poc -target http://localhost:3000
./CVE-2025-55182 poc -target http://localhost:3000 -c "whoami"
```
## Lab (vulnlab/)
```bash
cd vulnlab
docker compose build
docker compose up
# App listens on 127.0.0.1:3000 inside the container; runs as non-root user.
```
- `Dockerfile` builds a Next.js app (Node 20 Alpine), installs deps, builds, and runs as a non-root `nextjs` user.
- `docker-compose.yml` binds `127.0.0.1:3000:3000` for local-only testing by default.
## Safety & Ethics
- Provided strictly for educational, defensive, and authorized testing.
- Do not target systems you do not own or have explicit permission to test.