Critical RCE in React Server Components & Next.js
Professional Red Team Toolkit for CVE-2025-55182 Detection & Exploitation
React2Shell is the name given to CVE-2025-55182, a critical unauthenticated Remote Code Execution (RCE) vulnerability in the React Server Components (RSC) Flight protocol. It affects Next.js applications and other frameworks that build on RSC.
| CVE ID | Component | CVSS Score | Impact |
|---|---|---|---|
| CVE-2025-55182 | React Server Components | 10.0 (Critical) | Complete Server Takeover |
| CVE-2025-66478 | Next.js Server Actions | 10.0 (Critical) | Full System Compromise |
Attack chain as described by this toolkit. The request below is an illustration of the shape of the probe, not a working payload:

```http
POST / HTTP/1.1
Next-Action: exploit
Content-Type: multipart/form-data

{"__proto__": "pollution", "then": "gadget_chain"}
```

The attacker posts a crafted Flight protocol payload to a Server Action endpoint. The server deserializes it unsafely, which allows prototype pollution of the server-side object graph, and that is chained into remote code execution:

Malicious Flight payload -> Unsafe deserialization -> Prototype pollution -> Remote code execution

Affected versions:
- React: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- Next.js: 15.x, 16.x (with App Router)
- Frameworks: React Router, Waku, Vite RSC, Parcel, RedwoodSDK

Patched versions:
- React: 19.0.1, 19.1.2, 19.2.1 (and later patch releases in each of those lines)
- Next.js: 15.0.5, 15.1.9, 15.2.6, 16.0.7 (and later patch releases in each of those lines). A "15.0.5+" reading does not mean every higher version is safe: 15.1.0 through 15.1.8 are still affected, so compare each minor line against its own fix release.
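As an added example, not code from this repository: a Python triage function that encodes the affected and patched versions listed above and applies them to the entries of a package-lock.json. The package names it checks on the React side (react, react-dom and the react-server-dom-* packages) and the sample lock file are assumptions made for this example. The behaviour worth noting is that minor lines the list above gives no fix release for (for instance Next.js 15.3.x) and prerelease or canary builds come back as "unknown" rather than "patched", so they are sent to the vendor advisory instead of being silently cleared.

```python
import json
import re

# Affected and patched versions exactly as listed in this README.
REACT_AFFECTED = {(19, 0, 0), (19, 1, 0), (19, 1, 1), (19, 2, 0)}
REACT_FIXED = {(19, 0): (19, 0, 1), (19, 1): (19, 1, 2), (19, 2): (19, 2, 1)}
NEXT_FIXED = {(15, 0): (15, 0, 5), (15, 1): (15, 1, 9), (15, 2): (15, 2, 6), (16, 0): (16, 0, 7)}

# Assumption: the npm packages to check on the React side. react-server-dom-* carry the
# Flight server code; react and react-dom are included because they share the release train.
REACT_PACKAGES = {
    "react", "react-dom", "react-server-dom-webpack",
    "react-server-dom-parcel", "react-server-dom-turbopack",
}

SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?")


def parse_version(version):
    """Return ((major, minor, patch), prerelease_or_None), or None if unparseable."""
    m = SEMVER.match(version.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def assess(name, version):
    """Classify one package@version as 'vulnerable', 'patched', 'unknown' or 'n/a'.

    'unknown' covers prerelease/canary builds and minor lines this README gives no
    fix release for (e.g. next 15.3.x); those need the vendor advisory, not this table.
    """
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    core, prerelease = parsed
    if name == "next":
        if core[0] not in (15, 16):
            return "n/a"
        if prerelease:
            return "unknown"
        fixed = NEXT_FIXED.get(core[:2])
    elif name in REACT_PACKAGES:
        if core[0] != 19:
            return "n/a"
        if prerelease:
            return "unknown"
        if core in REACT_AFFECTED:
            return "vulnerable"
        fixed = REACT_FIXED.get(core[:2])
    else:
        return "n/a"
    if fixed is None:
        return "unknown"
    return "patched" if core >= fixed else "vulnerable"


def scan_lockfile(lock_text):
    """Map package name -> (version, verdict) for relevant entries of a lockfileVersion 2/3 package-lock.json."""
    lock = json.loads(lock_text)
    findings = {}
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project entry, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested node_modules and @scoped names
        version = meta.get("version", "")
        verdict = assess(name, version)
        if verdict != "n/a":
            findings[name] = (version, verdict)
    return findings


# Constructed sample lock file for the demo: a Next.js 15.1 app one patch release behind.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"next": "15.1.8", "react": "19.1.1"}},
        "node_modules/next": {"version": "15.1.8"},
        "node_modules/react": {"version": "19.1.1"},
        "node_modules/react-dom": {"version": "19.1.1"},
        "node_modules/react-server-dom-webpack": {"version": "19.1.1"},
        "node_modules/lodash": {"version": "4.17.21"},
    },
})

if __name__ == "__main__":
    for name, (version, verdict) in sorted(scan_lockfile(SAMPLE_LOCK).items()):
        print(f"{name}@{version}: {verdict}")
```

Only lockfileVersion 2 and 3 files carry the "packages" map; a v1 lock file (which has only "dependencies") yields no findings, so check the version key before trusting an empty result.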
Screenshots (images not reproduced in this extract):
- Successful RCE exploitation: command execution via the React2Shell vulnerability
- Vulnerability confirmation: server compromise through the Flight protocol

These screenshots demonstrate real exploitation in controlled environments. Use responsibly and only with proper authorization.
This repository contains four tools for CVE-2025-55182 detection and exploitation:

| Tool | Role | Payloads |
|---|---|---|
| Nuclei template (nuclei-templates/) | Advanced scanner | 5 payloads |
| Shodan scanner (exploits/shodan_scanner_advanced.py) | Target discovery | Automated search |
| Bash framework (exploits/scanner_advanced.sh) | CLI framework | 8 predefined payloads |
| Burp extension (burp-extension/) | Manual testing | 30+ payloads |
Clone and install:

```bash
# Clone the repository
git clone https://github.com/cybertechajju/R2C-CVE-2025-55182-66478.git
cd R2C-CVE-2025-55182-66478

# Install Python dependencies
pip install -r requirements.txt
pip install -r exploits/requirements.txt
```

Nuclei template:

```bash
# Scan single target
nuclei -t nuclei-templates/cve-2025-55182.yaml -u https://target.com

# Scan multiple targets
nuclei -t nuclei-templates/cve-2025-55182.yaml -l targets.txt
```

Shodan scanner:

```bash
# Interactive wizard mode
python exploits/shodan_scanner_advanced.py

# Or with API key directly
python exploits/shodan_scanner_advanced.py --api YOUR_SHODAN_API_KEY
```

Bash framework:

```bash
# Interactive mode
bash exploits/scanner_advanced.sh -i

# Quick exploitation
bash exploits/scanner_advanced.sh -d https://target.com -p 2
```

Burp extension:
- Open Burp Suite, go to Extensions and click Add
- Select burp-extension/React2Shell_Burp.py (it is a Python extension, so Burp needs the Jython standalone JAR configured in its Extensions settings before it will load)
- Check the "React2Shell Pro" tab for the GUI
```
cve-2025-55182/
├── nuclei-templates/                      # Nuclei YAML templates
│   └── cve-2025-55182.yaml                # Advanced detection template
├── exploits/                              # Exploitation tools
│   ├── shodan_scanner_advanced.py         # Shodan mass scanner
│   ├── scanner_advanced.sh                # Bash exploitation framework
│   └── requirements.txt                   # Python dependencies
├── burp-extension/                        # Burp Suite extension
│   ├── React2Shell_Burp.py                # Main extension (30+ payloads)
│   ├── payloads.json                      # Payload library
│   └── detection_rules.json               # Detection patterns
├── burp bechek/                           # BCheck files for Burp Scanner (Burp Suite Professional)
│   ├── CVE-2025-55182-React2Shell-Active.bcheck
│   └── CVE-2025-66478-NextJS-React2Shell-Active.bcheck
└── README.md                              # This file
```
Nuclei template:
- 5 exploitation payloads: Linux, Windows, alternative endpoints
- Mathematical validation: the probe has the server evaluate 41 * 271 and the matcher looks for 11111, a value unlikely to appear in a benign response, which keeps false positives low
- Multi-stage detection: framework fingerprinting, then RSC discovery, then RCE validation
- Multiple matchers: math validation, error patterns, execution proof

Shodan scanner:
- 50+ Shodan queries for broad discovery of exposed targets
- Smart extraction: both IPs and domain names
- Interactive wizard: guided setup for beginners
- Cyberpunk UI: neon-themed terminal with animations
- Batch scanning: multi-threaded target scanning
- JSON reports: detailed vulnerability reports

Bash framework:
- 8 predefined payloads: system info, AWS metadata, container detection, etc.
- Interactive mode: menu-driven exploitation
- Multi-target scanning: scan from a file list
- Rich output: color-coded results with animations
- Error analysis: detailed failure diagnostics

Burp extension:
- 30+ payload library, organized in 5 categories
- Dual scanners: passive monitoring plus active exploitation
- 8-tab GUI: dashboard, scanner, exploitation, payloads, results, config, about
- Burp Collaborator: out-of-band RCE confirmation
- Export options: JSON and CSV reports
- Confidence scoring: Certain (95%), Firm (75%), Tentative (50%)
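As an added example, not code from this repository: a Python scorer that applies the multi-stage logic described in the feature lists above (framework fingerprinting, RSC discovery, math validation with 41 * 271 = 11111, error patterns) and maps the outcome onto the Certain/Firm/Tentative levels. The Next.js header and asset path, the text/x-component content type and the error-string list are assumptions of this example rather than the contents of the repo's detection_rules.json, and the four responses are constructed, not captured traffic. The point it adds to the lists above is the caveat behind a math-based matcher: a bare 11111 with no RSC or Next.js indicator is downgraded to Firm and left for out-of-band (Collaborator) confirmation, because the number can occur in ordinary page content.

```python
import re

# Stage 1, framework fingerprint: Next.js adds "X-Powered-By: Next.js" unless
# poweredByHeader is disabled, and serves its bundles from /_next/static/.
NEXT_POWERED_BY = "next.js"
NEXT_ASSET_PATH = re.compile(r"/_next/static/")

# Stage 2, RSC discovery: Flight (RSC) responses are served as text/x-component.
RSC_CONTENT_TYPE = "text/x-component"

# Stage 3, execution proof: the probe asks the server to evaluate 41 * 271. A bare
# 11111 token (not part of a longer digit run such as 111111) counts as evaluation.
MATH_PROOF = re.compile(r"(?<![0-9])11111(?![0-9])")

# Assumption: error fragments that show a Server Action endpoint parsed the probe but
# rejected it. For real use, load the patterns from the repo's detection_rules.json.
ERROR_PATTERNS = [re.compile(p, re.I) for p in (
    r"Failed to find Server Action",
    r"react-server-dom",
)]


def classify(headers, body):
    """Score one HTTP response as (label, score, stages_hit) on the Certain/Firm/Tentative scale."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    stages = []
    if hdrs.get("x-powered-by", "").lower() == NEXT_POWERED_BY or NEXT_ASSET_PATH.search(body):
        stages.append("fingerprint")
    if RSC_CONTENT_TYPE in hdrs.get("content-type", "").lower():
        stages.append("rsc")
    if any(p.search(body) for p in ERROR_PATTERNS):
        stages.append("error-pattern")
    if MATH_PROOF.search(body):
        stages.append("execution-proof")

    if "execution-proof" in stages and ("rsc" in stages or "fingerprint" in stages):
        return "Certain", 95, stages    # expression evaluated on a confirmed RSC/Next.js host
    if "execution-proof" in stages:
        return "Firm", 75, stages       # 11111 alone: confirm out-of-band before reporting
    if "rsc" in stages and "error-pattern" in stages:
        return "Firm", 75, stages       # endpoint speaks Flight and reacted to the probe
    if "fingerprint" in stages:
        return "Tentative", 50, stages  # only know it is Next.js; version still unverified
    return None, 0, stages


# Constructed responses for the demo, not captured traffic.
CONFIRMED = ({"Content-Type": "text/x-component", "X-Powered-By": "Next.js"}, "1:11111\n")
ERRORED = ({"Content-Type": "text/x-component"},
           'Error: Failed to find Server Action "abc123".')
FINGERPRINT_ONLY = ({"Content-Type": "text/html", "X-Powered-By": "Next.js"},
                    "<html><body>hello</body></html>")
BENIGN = ({"Content-Type": "text/html"}, "<html>Order #111111 shipped</html>")

if __name__ == "__main__":
    for name, resp in (("confirmed", CONFIRMED), ("errored", ERRORED),
                       ("fingerprint-only", FINGERPRINT_ONLY), ("benign", BENIGN)):
        print(name, classify(*resp))
```

The Tentative tier is deliberately the ceiling for a fingerprint alone; pair it with the version triage of the affected/patched lists before anything is reported as a finding.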
CRITICAL WARNING

This toolkit is for AUTHORIZED SECURITY TESTING ONLY.

Legal use:
- Penetration testing with written authorization
- Bug bounty programs within defined scope
- Security research on owned infrastructure
- Educational purposes in controlled labs

Illegal activities:
- Unauthorized system access
- Malicious exploitation
- Data theft or destruction
- Deploying malware

By using this toolkit, you agree to use it ethically and legally.
Unauthorized access to computer systems is illegal under:
- Computer Fraud and Abuse Act (CFAA) - USA
- Computer Misuse Act - UK
- Similar laws worldwide

You are solely responsible for your actions.
Security Researcher / Red Team Specialist / Bug Bounty Hunter
Motto: Keep Learning, Keep Hacking
If this toolkit helped you, please star this repository!
- React Security Team - For responsible disclosure
- ProjectDiscovery - For Nuclei platform
- PortSwigger - For Burp Suite
- Emre Davut - Original Shodan scanner inspiration
- Security Research Community - For CVE analysis and PoCs
For Educational and Authorized Security Testing Only
No warranty or liability provided. Use at your own risk.
Open an Issue or reach out on social media!
Made with love by CyberTechAjju
Keep Learning. Keep Hacking. Stay Ethical.

