Share
## https://sploitus.com/exploit?id=E8901619-A0FC-5B0D-AA6A-FBFD2085D095
# CVE-2025-55182

Check for the **critical RCE vulnerability** in React Server Components (CVSS 10.0).

## Quick Start

```bash
npx cve-2025-55182
```

## About the Vulnerability

**CVE-2025-55182** is an unauthenticated remote code execution vulnerability in React Server Components with a CVSS score of 10.0 (Critical).

### Affected Packages

- `react-server-dom-webpack`
- `react-server-dom-parcel`
- `react-server-dom-turbopack`

### Affected Versions

- 19.0.0
- 19.1.0
- 19.1.1
- 19.2.0

### Fixed Versions

- 19.0.1+ (for 19.0.x)
- 19.1.2+ (for 19.1.x)
- 19.2.1+ (for 19.2.x)

## Usage

### Scan current directory

```bash
npx cve-2025-55182
```

### Scan specific directory

```bash
npx cve-2025-55182 ./my-project
```

### JSON output (for CI/CD)

```bash
npx cve-2025-55182 --json
```

### Use in CI

```yaml
# GitHub Actions example
- name: Check for CVE-2025-55182
  run: npx cve-2025-55182
```

The command exits with code 0 if no vulnerabilities found, or the count of vulnerable projects otherwise.

## Supported Lockfiles

- `package-lock.json` (npm)
- `pnpm-lock.yaml` (pnpm)
- `yarn.lock` (yarn)

## References

- [Official React Security Advisory](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)
- [NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2025-55182)

## License

MIT