ihsansencan/React2Shell-CVE-2025-55182

🔥 React2Shell - CVE-2025-55182 / CVE-2025-66478 Proof of Concept

Critical Security Vulnerability Demo - CVSS 10.0 - Remote Code Execution in React Server Components

⚠️ DISCLAIMER

FOR EDUCATIONAL PURPOSES ONLY!
This repository demonstrates a critical security vulnerability.
Never use on production systems or exposed networks.

🚨 Vulnerability Details

  • CVE ID: CVE-2025-55182 (React) / CVE-2025-66478 (Next.js)
  • CVSS Score: 10.0 (CRITICAL)
  • Affected: Next.js 15.0.0 with React Server Components
  • Vulnerability: Remote Code Execution via RSC protocol
  • Fixed in: next@15.0.5, next@15.1.9, next@16.0.7

🐳 Docker Hub

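# Pull and run directly
# Note: -p 3000:3000 publishes the port on all host interfaces;
# -p 127.0.0.1:3000:3000 keeps the lab reachable from localhost only
docker run -p 3000:3000 ihsansencan/react2shell:latest

# CVE-tagged images
docker run -p 3000:3000 ihsansencan/react2shell:cve-2025-55182
docker run -p 3000:3000 ihsansencan/react2shell:cve-2025-66478

# Versioned tag
docker run -p 3000:3000 ihsansencan/react2shell:v1.0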

🛠️ Quick Start

# 1. Build the vulnerable container
docker build -t cve-2025-55182-poc .

# 2. Run the demo
docker run -p 3000:3000 --name react2shell cve-2025-55182-poc

# 3. Open the demo in a browser
# http://localhost:3000

🔧 Features

  • Modern UI pretending to be a "code playground"
  • Interactive RCE interface
  • Multiple payload examples
  • Real-time execution results
  • Educational exploit demonstration

🛡️ Security Impact

The vulnerability allows:

  • Remote command execution as root
  • Filesystem access
  • Network reconnaissance
  • Potential container escape
  • Full system compromise

📁 Project Structure

/react2shell
├── Dockerfile
├── package.json
├── next.config.js
├── app/
│   ├── actions.js
│   ├── layout.js
│   ├── page.js
│   └── api/
│       └── command/
│           └── route.js
├── README.md
├── LICENSE
└── img/
    ├── 1.png
    ├── 2.png
    └── 3.png

🔒 Patching

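# IMMEDIATE FIX: upgrade to a patched release
# (next@15.0.5 shown; see "Fixed in" above for the other release lines)
npm install next@15.0.5 react@18.2.0 react-dom@18.2.0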
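
An added example, not part of this repository: a Node.js check that walks a package-lock.json and classifies every installed copy of next against the "Fixed in" versions listed above. The function names and the sample lockfile are assumptions constructed for illustration; release lines this README does not list are reported as unknown rather than guessed.

```javascript
// Added example: audit a package-lock.json for copies of `next` that are
// below the "Fixed in" versions listed in this README.
const FIXED = ['15.0.5', '15.1.9', '16.0.7']; // from the README's "Fixed in" line

function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?$/.exec(version);
  return m && { major: +m[1], minor: +m[2], patch: +m[3], pre: Boolean(m[4]) };
}

function classify(version) {
  const v = parse(version);
  if (!v || v.pre) return 'unknown'; // canary/rc or malformed: review by hand
  for (const f of FIXED.map(parse)) {
    if (f.major === v.major && f.minor === v.minor) {
      return v.patch >= f.patch ? 'patched' : 'unpatched';
    }
  }
  return 'unknown'; // release line not covered by the README
}

// Walk the lockfile (v2/v3 "packages" map) so nested copies are found too.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/next' || path.endsWith('/node_modules/next')) {
      findings.push({ path, version: meta.version, status: classify(meta.version) });
    }
  }
  return findings;
}

// Constructed sample lockfile (not taken from the repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/next': { version: '15.0.0' },
    'node_modules/some-plugin/node_modules/next': { version: '15.1.9' },
    'node_modules/next-auth': { version: '4.24.0' }, // different package, ignored
    'node_modules/legacy/node_modules/next': { version: '15.3.1' },
  },
};

console.table(auditLockfile(sampleLock));
```

To audit a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `auditLockfile` and treat any `unpatched` or `unknown` row as needing follow-up.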

Happy Coding! 💻

Made with ❤️ by Ihsan Sencan

Star this repo if you find it useful!