I. CVE-2025-55182 Basic Information
Vulnerability information

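## Overview

React Server Components contains a **pre-authentication remote code execution (RCE) vulnerability** that affects several versions of specific packages.

## Affected versions

The affected packages are:

- `react-server-dom-parcel`
- `react-server-dom-turbopack`
- `react-server-dom-webpack`

The vulnerability is present in the following React versions:

- 19.0.0
- 19.1.0
- 19.1.1
- 19.2.0

## Vulnerability details

The vulnerability arises because Server Function endpoints perform **unsafe deserialization** of payloads in HTTP requests, and it can be triggered without any authentication.

## Impact

An attacker can exploit this vulnerability to **execute arbitrary code remotely** on the target server and take full control of the affected service. Because the vulnerable code is reachable before authentication, **no authentication is required** to exploit it.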
                                        
Shenlong assessment

Web vulnerability: Unknown

Reasoning:

N/A
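Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
Source: U.S. National Vulnerability Database (NVD)
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Meta React Server Components security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Meta React Server Components is a set of components from the U.S. company Meta. Meta React Server Components versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0 contain a security vulnerability caused by improper deserialization of HTTP requests, which may lead to remote code execution.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Other
Source: China National Vulnerability Database of Information Security (CNNVD)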
II. Public PoCs for CVE-2025-55182

| # | POC description | Source link |
| --- | --- | --- |
| 1 | React Server Components 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain a remote code execution caused by unsafe deserialization of payloads from HTTP requests to Server Function endpoints, letting unauthenticated attackers execute arbitrary code remotely, exploit requires no authentication. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-55182.yaml |
| 2 | Script to quick check CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) - Critical unauthenticated RCE vulnerabilities in the React Server Components (RSC) “Flight” protocol. | https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js |
| 3 | CVE-2025-55182 POC | https://github.com/ejpir/CVE-2025-55182-research |
| 4 | CVE-2025-55182 - React Server Components RCE Exploit & Scanner Supports external servers and CLI interface | https://github.com/sickwell/CVE-2025-55182 |
| 5 | A non-intrusive surface scanner for CVE-2025-55182 (React Server Components RCE). Detects exposed RSC endpoints in React 19 and Next.js applications | https://github.com/fatguru/CVE-2025-55182-scanner |
| 6 | CVE-2025-55182 | https://github.com/Ashwesker/Blackash-CVE-2025-55182 |
| 7 | CVE-2025-55182 - React Server Components RCE Exploit & Scanner Supports external servers and CLI interface | https://github.com/atastycookie/CVE-2025-55182 |
| 8 | None | https://github.com/santihabib/CVE-2025-55182-analysis |
| 9 | None | https://github.com/xkillbit/cve-2025-55182-scanner |
| 10 | Testing the React Server Components RCE (CVE-2025-55182) | https://github.com/rpjboyarski/java4script |
| 11 | React2Shell Proof of Concept | https://github.com/whiteov3rflow/CVE-2025-55182-poc |
| 12 | This POC demonstrates CVE-2025-55182 using actual `react-server-dom-webpack@19.0.0` vulnerable code. | https://github.com/Pa2sw0rd/exploit-CVE-2025-55182-poc |
| 13 | CVE-2025-55182 | https://github.com/kk12-30/CVE-2025-55182 |
| 14 | For CVE-2025-55182 and CVE-2025-66478 Security Response | https://github.com/heiheishushu/rsc_detect_CVE-2025-55182 |
| 15 | CVE-2025-55182 exploitation GUI, PoC / Exploit for CVE-2025-55182 & CVE-2025-66478 | https://github.com/songsanggggg/CVE-2025-55182 |
| 16 | Scanner for detecting CVE-2025-55182 (React Server Components remote code execution vulnerability) | https://github.com/M0onPu15e/next.js-scanner |
| 17 | a critical Remote Code Execution (RCE) vulnerability in React Server Components (RSC). It also includes a realistic "Lab Environment" to safely test and understand the vulnerability. | https://github.com/ThemeHackers/CVE-2025-55182 |
| 18 | a realistic POC demonstrating the missing `hasOwnProperty` check in react-server-dom-webpack@19.0.0 | https://github.com/joshterrill/CVE-2025-55182-realistic-poc |
| 19 | A Comprehensive CVE-2025-55182 Detection and Security Assessment Tool | https://github.com/mingyisecurity-lab/CVE-2025-55182-TOOLS |
| 20 | High-performance exploitation engine for CVE-2025-55182 (React Server Components RCE) | https://github.com/joaonevess/rust-flight |
| 21 | Security scanner for CVE-2025-55182 - Critical RCE vulnerability in React Server Components. Scan npm/pnpm/yarn lockfiles, Docker images, SBOMs, and live URLs. Auto-fix, SARIF output, GitHub Actions, Vercel integration, and runtime protection middleware. | https://github.com/gensecaihq/react2shell-scanner |
| 22 | None | https://github.com/sudo-Yangziran/CVE-2025-55182POC |
| 23 | A standalone security assessment tool for CVE-2025-55182, written in Go, with a graphical interface (GUI) for quick vulnerability detection and verification. | https://github.com/Rsatan/CVE-2025-55182-Tools |
| 24 | High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) | https://github.com/assetnote/react2shell-scanner |
| 25 | RCE Auto exploit for CVE-2025-55182 | https://github.com/jf0x3a/CVE-2025-55182-exploit |
| 26 | React/Next.js RCE CVE-2025-55182 checker | https://github.com/aspen-labs/CVE-2025-55182-checker |
| 27 | None | https://github.com/dissy123/cve-2025-55182 |
| 28 | Pre-auth RCE in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. | https://github.com/dwisiswant0/CVE-2025-55182 |
| 29 | See if your endpoint could be vulnerable. | https://github.com/Chelsea486MHz/CVE-2025-55182-test |
| 30 | None | https://github.com/oways/React2shell-CVE-2025-55182-checker |
| 31 | Explanation and full RCE PoC for CVE-2025-55182 | https://github.com/msanft/CVE-2025-55182 |
| 32 | CVE-2025-55182 Fix for Vibe Coders | https://github.com/ivaavimusic/React19-fix-vibecoders |
| 33 | a critical Remote Code Execution (RCE) vulnerability in React Server Components (RSC). It also includes a realistic "Lab Environment" to safely test and understand the vulnerability. | https://github.com/carlosaruy/CVE-2025-55182 |
| 34 | Scanner for CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) - Track and remediate a critical React Server Components (RSC) / Flight protocol vulnerability campaign impacting react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack, and RSC-enabled frameworks like Next.js. | https://github.com/Security-Phoenix-demo/freight-night-rce-react-next-CVE-2025-55182-CVE-2025-66478 |
| 35 | some notes && (somewhat?) poc-adjacent stuff for CVE-2025-55182 | https://github.com/c0rydoras/CVE-2025-55182 |
| 36 | React2Shell Scanner (CVE-2025-55182 & CVE-2025-66478) | https://github.com/CymulateResearch/React2Shell-Scanner |
| 37 | None | https://github.com/0xPThree/cve-2025-55182 |
| 38 | Vulnerable Docker environment for reproducing CVE-2025-55182. | https://github.com/SoICT-BKSEC/CVE-2025-55182-docker-lab |
| 39 | Actual CVE-2025-55182 detection and exploit. No bullshit LLMs. | https://github.com/acheong08/CVE-2025-55182-poc |
| 40 | Deliberately vulnerable banking app for CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) to learn, detect, and safely exercise React2Shell. Runs unpatched React 19.0.0 and Next.js 15.0.3. | https://github.com/jctommasi/react2shellVulnApp |
| 41 | Nuclei template for detecting react2shell (CVE-2025-55182 & CVE-2025-66478) | https://github.com/shamo0/react2shell-PoC |
| 42 | Poc for CVE-2025-55182 (remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages) | https://github.com/EynaExp/CVE-2025-55182-POC |
| 43 | Unified Security Research Tool | https://github.com/im-hanzou/CVE-2025-55182-POC-SCANNER |
| 44 | None | https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive |
| 45 | Vulnerable REACT app in docker container and poc code - for demos | https://github.com/ps-interactive/cve-2025-55182 |
| 46 | Burp Suite extension to detect the Next.js / React Server Components (RSC) Remote Code Execution vulnerability (CVE-2025-55182 & CVE-2025-66478). | https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension |
| 47 | Functional Python POC to test if servers are vulnerable to CVE-2025-55182 | https://github.com/aquinn-r7/CVE-2025-55182-VulnCheckPOC |
| 48 | PoC CVE-2025-55182 | https://github.com/MedusaSH/POC-CVE-2025-55182 |
| 49 | None | https://github.com/marginaldeer/CVE-2025-55182_scanner |
| 50 | Community tool to detect and remediate CVE-2025-55182 (React2Shell) - Critical RCE vulnerability in React Server Components | https://github.com/nxgn-kd01/cve-2025-55182-scanner |
| 51 | None | https://github.com/clevernyyyy/CVE-2025-55182-Dockerized |
| 52 | A proof of concept exploit script for CVE-2025-55182 | https://github.com/Cillian-Collins/CVE-2025-55182 |
| 53 | Security scanner to detect CVE-2025-55182 & CVE-2025-66478 vulnerabilities in React Server Components (RSC) projects | https://github.com/ZihxS/check-react-rce-cve-2025-55182 |
| 54 |  | https://github.com/vulhub/vulhub/blob/master/react/CVE-2025-55182/README.md |
| 55 | None | https://github.com/ducducuc111/CVE-2025-55182-poc |
| 56 | Scanner for CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) - Track and remediate a critical React Server Components (RSC) / Flight protocol vulnerability campaign impacting react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack, and RSC-enabled frameworks like Next.js. | https://github.com/Security-Phoenix-demo/react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478 |
| 57 | Community tool to detect and remediate CVE-2025-55182 (React2Shell) - Critical RCE vulnerability in React Server Components | https://github.com/nxgn-kd01/react2shell-scanner |
| 58 | None | https://github.com/tlfyyds/cve-2025-55182-getshell |
| 59 | None | https://github.com/ZemarKhos/CVE-2025-55182-Exploit-PoC-Scanner |
| 60 | None | https://github.com/sherlocksecurity/CVE-2025-55182-Exploit-scanner |
| 61 | This is a POC script for CVE-2025-55182 (React SSR RCE) | https://github.com/Darker-Ink/react-ssr-vulnerability |
| 62 | POC for CVE-2025-55182 | https://github.com/emadshanab/POC-for-CVE-2025-55182 |
| 63 | None | https://github.com/topstar88/CVE-2025-55182 |
| 64 | None | https://github.com/selectarget/CVE-2025-55182-Exploit |
| 65 | None | https://github.com/onlylovetx/CVE-2025-55182-CVE-2025-66478-Exploit-GUI |
| 66 | Exploit for CVE-2025-55182 & CVE-2025-66478 | https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool |
| 67 | None | https://github.com/TH-SecForge/CVE-2025-55182 |
| 68 | Next.js React Server Components RCE exploit for CVE-2025-55182 | https://github.com/Chocapikk/CVE-2025-55182 |
| 69 | Supports RSC fingerprinting and exploitation of the React component vulnerability CVE-2025-55182. | https://github.com/mrknow001/RSC_Detector |
| 70 | CVE-2025-55182 React Server Components Remote Code Execution Exploit Tool | https://github.com/Spritualkb/CVE-2025-55182-exp |
| 71 | None | https://github.com/younesZdDz/CVE-2025-55182 |
| 72 | Original Proof-of-Concept's for React2Shell CVE-2025-55182 | https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc |
| 73 | None | https://github.com/hualy13/CVE-2025-55182 |
| 74 | Interactive shell (HTTP hijack + POST + AES-256-CBC/BASE64) | https://github.com/RuoJi6/CVE-2025-55182-RCE-shell |
| 75 | A bash scanner for detecting CVE-2025-55182 vulnerability in Next.js applications | https://github.com/Saturate/CVE-2025-55182-Scanner |
| 76 | None | https://github.com/hoosin/CVE-2025-55182 |
| 77 | Burp Suite passive-scan plugin for detecting CVE-2025-55182 | https://github.com/Pizz33/CVE-2025-55182-burpscanner |
| 78 | lab_demo CVE-2025-55182 | https://github.com/Sotatek-KhaiNguyen3/CVE-2025-55182 |
| 79 | Real-world attack analysis of CVE-2025-55182 (React2Shell) - React Server Components RCE vulnerability | https://github.com/ngvcanh/CVE-2025-55182-Attack-Analysis |
| 80 | Working proof of concept for NextJS RCE to establish a reverse shell. [React2Shell] | https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS |
| 81 | "One crafted HTTP request can compromise your entire server." — React Security Team, Dec 2025 | https://github.com/logesh-GIT001/CVE-2025-55182 |
| 82 | An analysis of CVE-2025-55182 and CVE-2025-66478 -- the vulnerabilities behind React2Shell. Tools, technical information, etc | https://github.com/freeqaz/react2shell |
| 83 | CVE-2025-55182 | https://github.com/m3m0ryc0rrupt/CVE-2025-55182-PoC |
| 84 | A containerized testing environment for CVE-2025-55182, a critical (10.0 CVSS) Remote Code Execution vulnerability in React Server Components. | https://github.com/ABCFabian/React2Shell-CVE-2025-55182-Testing-Environment |
| 85 | None | https://github.com/nanwinata/CVE-2025-55182-Scanner |
| 86 | Docker poc lab for CVE-2025-55182 detection and exploitation | https://github.com/l4rm4nd/CVE-2025-55182 |
| 87 | A brief analysis of the React Server Components RCE vulnerability | https://github.com/Airis101/CVE-2025-55182-analysis |
| 88 | React Server Components remote code execution vulnerability (CVE-2025-55182) | https://github.com/GelukCrab/React-Server-Components-RCE |
| 89 | Interactive RCE Web Shell (CVE-2025-55182) BY Golden-Security | https://github.com/Golden-Secure/CVE-2025-55182 |
| 90 | Research on exploiting CVE-2025-55182 across all versions | https://github.com/XiaomingX/CVE-2025-55182-poc |
| 91 | None | https://github.com/alexandre-briongos-wavestone/react-cve-2025-55182-lab |
| 92 | This repository documents research into deserialization behavior within Next.js React Server Components (RSC) using the Flight protocol. It focuses on how malformed multipart bodies combined with Server Action request handling can lead to prototype traversal and execution primitives on certain builds. | https://github.com/Rat5ak/CVE-2025-55182-React2Shell-RCE-POC |
| 93 | React2Shell \| CVE-2025-55182 - React Server Components RCE | https://github.com/RajChowdhury240/React2Shell-CVE-2025-55182 |
| 94 | PoC: CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) | https://github.com/nehkark/CVE-2025-55182 |
| 95 | None | https://github.com/prestonhashworth/cve-2025-55182 |
| 96 | POC for CVE-2025-55182 React2Shell | https://github.com/nomorebreach/POC-CVE-2025-55182 |
| 97 | Host-based detection rules for the RCE vulnerability in the React JavaScript framework. | https://github.com/nerium-security/CVE-2025-55182 |
| 98 | CVE-2025-55182 reproduction environment and RCE PoC with echoed output | https://github.com/zzhorc/CVE-2025-55182 |
| 99 | nmap nse for detecting React2Shell (CVE-2025-55182) | https://github.com/Atlantis02-sec/Vulnerability-assessment |
| 100 | Proof-of-concept RCE for CVE-2025-55182 exploiting the React Flight protocol on the Next.js App Router. | https://github.com/rl0x01/CVE-2025-55182_PoC |
| 101 | React2Shell (CVE-2025-55182) – An intentionally vulnerable Next.js application created for educational and research purposes. | https://github.com/subzer0x0/React2Shell |
| 102 | Security scanner for CVE-2025-55182 - Critical RCE vulnerability in React Server Components | https://github.com/f0xyx/CVE-2025-55182-Scanner |
| 103 | Automatically detect the CVE-2025-55182 Next.js RCE vulnerability with Burp | https://github.com/Cr4at0r/Next.js-RCE-Scanner-BurpSuite-Extension- |
| 104 | Proof of Concept for React2Shell vulnerability | https://github.com/ceortiz33/CVE-2025-55182 |
| 105 | PoC for React2Shell (CVE-2025-55182) | https://github.com/sh1ro8/react2shell |
| 106 | Show case CVE-2025-55182 POC in Typescript/Javascript | https://github.com/zessu/CVE-2025-55182-Typescript |
| 107 | A web-based vulnerability scanner for CVE-2025-55182, a critical Remote Code Execution (RCE) vulnerability in React Server Components. | https://github.com/mxm0z/r2s |
| 108 | CVE-2025-55182 Interactive PoC - React Server Components RCE - Educational Security Research | https://github.com/NathanJ60/react2shell-interactive |
| 109 | None | https://github.com/GarethMSheldon/React2Shell-CVE-2025-55182-Detector |
| 110 | CVE-2025-55182 React2Shell PoC lab | https://github.com/alsaut1/react2shell-lab |
| 111 | React2Shell vulnerability (CVE-2025-55182 / CVE-2025-66478) | https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script |
| 112 | This repository contains a proof-of-concept demonstration of CVE-2025-55182, a critical (CVSS score 10.0) pre-authentication remote code execution vulnerability affecting React Server Components, also known as React2Shell. | https://github.com/kOaDT/poc-cve-2025-55182 |
| 113 | None | https://github.com/StealthMoud/CVE-2025-55182-Scanner |
| 114 | CVE-2025-55182 Exploit | https://github.com/yanoshercohen/CVE-2025-55182 |
| 115 | None | https://github.com/klassiker/CVE-2025-55182 |
| 116 | Lightweight scanner and Nuclei templates for identifying React and Next.js deserialization RCEs (CVE-2025-55182 / CVE-2025-66478). | https://github.com/grp-ops/react2shell |
| 117 | PoC for React2Shell (CVE-2025-55182) | https://github.com/xkey8/react2shell |
| 118 | None | https://github.com/kindone09/CVE-2025-55182 |
| 119 | this repo have CVE-2025-55182 full exploit with RCE | https://github.com/mohit121312/CVE-2025-55182_full_exploit |
| 120 | React2Shell (CVE-2025-55182) Exploit | https://github.com/yanoshercohen/React2Shell_CVE-2025-55182 |
| 121 | RSC/Next.js RCE Vulnerability Detector & PoC Chrome Extension – CVE-2025-55182 & CVE-2025-66478 | https://github.com/emredavut/CVE-2025-55182 |
| 122 | None | https://github.com/fankh/cve-2025-55182-test-lab-windows |
| 123 | Fast scanner for detecting and confirming Next.js RCE vulnerabilities (CVE-2025-55182 & CVE-2025-66478). | https://github.com/cypholab/evilact |
| 124 | None | https://github.com/shren207/CVE-2025-55182 |
| 125 | Mass Hunting & Exploitation PoC for CVE-2025-55182 & CVE-2025-66478 | https://github.com/sumanrox/rschunter |
| 126 | CVE-2025-55182 & CVE-2025-66478 proof of concepts | https://github.com/ayoub-intigriti/react2shell-cve |
| 127 | None | https://github.com/zorejt/Rust_CVE-2025-55182 |
| 128 | A critical-severity vulnerability in React Server Components (CVE-2025-55182) affects React 19 and frameworks that use it, including Next.js (CVE-2025-66478) | https://github.com/StillSoul/CVE-2025-55182 |
| 129 | None | https://github.com/MaxK9999/CVE-2025-55182 |
| 130 | CVE-2025-55182 poc | https://github.com/Archerkong/CVE-2025-55182 |
| 131 | chrome extension to detect next.js sites vulnerable to CVE-2025-55182 (react2shell) | https://github.com/philparzer/nextjs-react2shell-detect |
| 132 | None | https://github.com/Kryptopacy/Next.js-RCE-Patcher--CVE-2025-55182- |
| 133 | Meow | https://github.com/yunaranyancat/CVE-2025-55182-NSE |
| 134 | This is a POC for testing your projects that are vulnerable to CVE-2025-55182 with a terminal and ability to scan a list | https://github.com/MrSol0/CVE-2025-55182-Terminal |
| 135 | A test server for demonstrating and testing React2Shell (CVE-2025-55182) vulnerability | https://github.com/fullhunt/react2shell-test-server |
| 136 | None | https://github.com/zack0x01/vuln-app-CVE-2025-55182 |
| 137 | None | https://github.com/zack0x01/CVE-2025-55182-advanced-scanner- |
| 138 | AWS Organization-wide detection toolkit for CVE-2025-55182 & CVE-2025-66478 (React Server Components / Next.js RCE vulnerabilities) | https://github.com/rocklambros/React2Shell_Hunter |
| 139 | CVE-2025-55182 & CVE-2025-66478 Detection Tool for Next.js RSC RCE | https://github.com/alessiodos/react2shell-scanner |
| 140 | Patches CVE-2025-55182 in your repositories | https://github.com/Bashamega/react-CVE-2025-55182-fixer |
| 141 | More exploit-focused; great for security research repos. | https://github.com/orgito1015/CVE-2025-55182-RCE-Exploit |
| 142 | CVE-2025-55182 React Server Components RCE - Go PoC | https://github.com/keklick1337/CVE-2025-55182-golang-PoC |
| 143 | React2Shell-Exploit — Complete exploitation framework for CVE-2025-55182, including Python exploit, Docker vulnerable lab, Burp Suite manual and automated exploitation, Nuclei detection template, and validated testing workflow. Developed for penetration testing and educational research. | https://github.com/rubensuxo-eh/react2shell-exploit |
| 144 | CVE-2025-55182 RCE - Massive Scanner POC | https://github.com/CirqueiraDev/MassExploit-CVE-2025-55182 |
| 145 | Detects exposed React Server Components vulnerable to CVE-2025-55182 via RSC negotiation. | https://github.com/w3irdo21/CVE-2025-55182-react2shell |
| 146 | RCE exploitation tool targeting CVE-2025-55182, a critical vulnerability in React Server Components (RSC) affecting React 19.0.0 - 19.2.0 and Next.js applications. | https://github.com/Hghost0x00/CVE-2025-55182 |
| 147 | Advanced security testing tool for CVE-2025-55182 vulnerability assessment in Next.js applications. Features interactive shell, batch scanning, WAF bypass, and comprehensive reporting. | https://github.com/zamdevio/r2s |
| 148 | React2Shell, CVE-2025-55182, RCE Vulnerability: A critical breakdown of the unsafe deserialization flaw in React Server Components that enables unauthenticated remote code execution across default React/Next.js setups. | https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182-The-Deserialization-Bug-That-Broke-the-Web |
| 149 | Poc for CVE-2025-55182 | https://github.com/0xN7y/CVE-2025-55182 |
| 150 | React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack, contain a remote code execution vulnerability. | https://github.com/MuhammadWaseem29/React2Shell_Rce-cve-2025-55182 |
| 151 | CVE-2025-55182 RCE vulnerability in Next.js/React RSC servers (fully working exploit and scanner) | https://github.com/l0n3m4n/CVE-2025-55182 |
| 152 | React Shell & Next.js RSC Exploit Tool (CVE-2025-55182) | https://github.com/ynsmroztas/NextRce |
| 153 | A minimal RCE PoC for CVE-2025-55182 | https://github.com/shreyas-malhotra/React2Shell-CVE-2025-55182 |
| 154 | CVE-2025-55182 PoC Exploit | https://github.com/sohaibeb/CVE-2025-55182 |
| 155 | 🛡️ Complete toolset for detecting and patching CVE-2025-55182 (React2Shell) - A critical CVSS 10.0 RCE vulnerability in React Server Components. Includes automated scanner, patcher, and MCP server integration. | https://github.com/hlsitechio/cve-2025-55182-tools |
| 156 | This is a fast, asynchronous Python tool that fingerprints domains for likely Next.js App Router / React Server Components (RSC) infrastructure. (I made it to find the applications possibly vulnerable to CVE-2025-55182 and CVE-2025-66478) | https://github.com/vyvivekyadav04/RSC-Infra-Scanner |
| 157 | A modified and a little boosted exploit for CVE-2025-55182, React2Shell: Pre-authentication Remote Code Execution in React Server Packages | https://github.com/MikeTheHash/CVE-2025-55182 |
| 158 | Multi-language security scanner with 64 analyzers + AI Agent Security. NEW: React2Shell CVE-2025-55182 detection (CVSS 10.0). Scan Python, JS, Go, Rust, Docker, Terraform, MCP & more. 11,500+ downloads. AGPL-3.0. | https://github.com/Pantheon-Security/medusa |
| 159 | CVE-2025-55182 (React2Shell) Scanner | https://github.com/rapticore/ore_react2shell_scanner |
| 160 | CVE-2025-55182 RCE vulnerability in Next.js/React RSC servers (fully working exploit and scanner) | https://github.com/l0n3m4n/CVE-2025-55182-Clean |
| 161 | Automated scanner for CVE-2025-55182: a critical RCE vulnerability in React Server Components and Next.js. | https://github.com/Qixinlee/CVE-2025-55182-Scanner |
| 162 | Security toolkit to detect CVE-2025-55182 (React2Shell) vulnerability | https://github.com/DelvyGonzalez/react2shell-security-toolkit |
| 163 | None | https://github.com/jumodada/react-cve-2025-55182-demo |
| 164 | None | https://github.com/ahmedshamsddin/CVE-2025-55182 |
| 165 | This is CVE-2025-55182 exploit | https://github.com/LemonTeatw1/CVE-2025-55182-exploit |
| 166 | None | https://github.com/mil4ne/CVE-2025-55182-React2Shell- |
| 167 | None | https://github.com/ethicalrohitt/React2Shell_cve-2025-55182 |
| 168 | This is an easy to use PoC script to exploit React2Shell-CVE-2025-55182 Nextjs vulnerability. This will help to gain a reverse shell. | https://github.com/ihhgimhana/React2Shell-CVE-2025-55182-PoC-Reverse-Shell |
| 169 | CVE-2025-55182 Detector. Find which of your GitHub repositories are exposed to the critical React/Next.js RCE vulnerability and generate a clean Markdown report. | https://github.com/shakilkhatri/scanner-for-CVE-2025-55182-vulnerability |
| 170 | react2shell PoC with Go / CVE-2025-55182 | https://github.com/UmmItKin/CVE-2025-55182-PoC |
| 171 | None | https://github.com/robbin0919/CVE-2025-55182 |
| 172 | CVE-2025-55182-POC | https://github.com/zxz3650/CVE-2025-55182-POC |
| 173 | Critical RCE vulnerability scanner for React Server Components (CVE-2025-55182). Automated exploitation framework with multi-payload support, proxy capabilities, and interactive command execution. | https://github.com/AliHzSec/CVE-2025-55182 |
| 174 | A complete framework for exploiting the vulnerability CVE-2025-55182 | https://github.com/zr0n/react2shell |
| 175 | None | https://github.com/hunter24x24/CVE-2025-55182-mass |
| 176 | None | https://github.com/andressuarezmonk/CVE-2025-55182 |
| 177 | 🔥 React2Shell Toolkit - CVE-2025-55182 & CVE-2025-66478 | https://github.com/cybertechajju/R2C-CVE-2025-55182-66478 |
| 178 | None | https://github.com/Dh4v4l8/CVE-2025-55182-poc-tool |
| 179 | CVE-2025-55182 – React2Shell: Proof-of-Concept Remote Code Execution (RCE) exploit for Next.js apps. Features an interactive shell prompt to test and demonstrate the vulnerability in real time. Use for security research and authorized penetration-testing only. | https://github.com/M4xSec/CVE-2025-55182-React2Shell-RCE-Shell |
| 180 | A standalone GUI tool to detect and demonstrate the **React Server Components Remote Code Execution (RCE)** vulnerability (CVE-2025-55182) in Next.js applications. | https://github.com/SainiONHacks/CVE-2025-55182-Scanner |
| 181 | A bash script to scan your server for React applications vulnerable to **CVE-2025-55182** — a critical remote code execution vulnerability (CVSS 10.0) in React Server Components. | https://github.com/umairahmadh/react-vuln-scanner |
| 182 | Torito React2Shell Scanner & Exploit Tool (CVE-2025-55182 / 66478) | https://github.com/ToritoIO/Torito-R2S |
| 183 | react2shell CVE-2025-55182 PoC | https://github.com/surajhacx/react2shellpoc |
| 184 | Step-by-step walkthrough of CVE-2025-55182 (React2Shell) by tracing React's Flight protocol internals. | https://github.com/kavienanj/CVE-2025-55182 |
| 185 | A curated list of resources regarding CVE-2025-55182, the critical Remote Code Execution (RCE) vulnerability in React Server Components known as "React2Shell". | https://github.com/websecuritylabs/React2Shell-Library |
| 186 | None | https://github.com/cyberleelawat/CVE-2025-55182 |
| 187 | High-fidelity RCE scanner for CVE-2025-55182 affecting Next.js RSC. Supports mass scanning, command execution, and automated recon pipelines. Built for pentesters, researchers, and bounty hunters. | https://github.com/satriarizka/CVE-2025-55182-Simple-Scanner |
| 188 | [Vulnerability reproduction] The world's first CVE-2025-55182 React Server RCE exploit that uses RSC features to bypass WAF detection. | https://github.com/xcanwin/CVE-2025-55182-React-RCE |
| 189 | Play with react2shell in a safe environment! | https://github.com/CharlesTheGreat77/CVE-2025-55182-Test-Server |
| 190 | * React2Shell-CVE-2025-55182 | https://github.com/ihsansencan/React2Shell-CVE-2025-55182 |
| 191 | Header bypass for CVE-2025-55182 (React Server Components RCE). | https://github.com/ejpir/CVE-2025-55182-bypass |
| 192 | My research on CVE-2025-55182 | https://github.com/I3r1h0n/React2Shell |
| 193 | CVE-2025-55182 RCE vulnerability in Next.js/React RSC servers (exploit and scanner) | https://github.com/l0n3m4n/CVE-2025-55182-Waf |
| 194 | 🔍 Shellockolm - Your Security Detective for React, Next.js & npm. Detects CVE-2025-55182, CVE-2025-66478, malware, and supply chain attacks. Elementary security for complex codebases! | https://github.com/hlsitechio/shellockolm |
| 195 | POC and lab setup | https://github.com/timsonner/React2Shell-CVE-2025-55182 |
| 196 | A security scanner for detecting CVE-2025-55182 React Server Components vulnerability | https://github.com/xiaoxiunique/CVE-2025-55182-scanner |
| 197 | None | https://github.com/lalaterry/CVE-2025-55182-React2Shell-lab |
| 198 | scanner testing | https://github.com/arashiyans/CVE-2025-55182-CVE-2025-66478 |
| 199 | None | https://github.com/faizdotid/rust-cve-2025-55182 |
| 200 | CVE-2025-55182 + CVE-2025-66478 - Next.js/React Server Components Remote Code Execution | https://github.com/lincemorado97/CVE-2025-55182_CVE-2025-66478 |
| 201 | React2Shell Vulnerability | https://github.com/LucasPDiniz/CVE-2025-55182 |
| 202 | https://gist.github.com/maple3142/48bc9393f45e068cf8c90ab865c0f5f3 | https://github.com/wangzhengquan/CVE-2025-55182 |
| 203 | None | https://github.com/lee191/CVE-2025-55182 |
| 204 | CVE-2025-55182 PoC | https://github.com/Night-have-dreams/CVE-2025-55182-PoC |
| 205 | ULTIMATE REACT4SHELL EXPLOITATION FRAMEWORK CVE-2025-55182 & CVE-2025-66478 Ready | https://github.com/C00LN3T/React2Shell |
| 206 | None | https://github.com/thekamran/CVE-2025-55182-Proof-of-Concept |
| 207 | A modern, user-friendly GUI application for detecting and exploiting the CVE-2025-55182 vulnerability in React Server Components. Built with Python and Tkinter, featuring a sleek neon-themed interface for scanning targets, executing shell commands, and viewing live console output. | https://github.com/Syrins/CVE-2025-55182-React2Shell-RCE |
| 208 | None | https://github.com/0xsj/CVE-2025-55182 |
| 209 | a dart package to analyze CVE-2025-55182 react2shell | https://github.com/Benrich127N/react2shell_analyzer |
| 210 | CVE-2025-55182 | https://github.com/7amzahard/React2shell |
| 211 | Wrote and tested a sample for the CVE-2025-55182 vulnerability together with AI. | https://github.com/randarts/react-rce |
| 212 | A lightweight, recursive Bash script to detect Next.js and React Server DOM versions vulnerable to CVE-2025-55182 (React2Shell) in local projects. | https://github.com/hamm0nz/react2shell-audit |
| 213 | None | https://github.com/0xSalm0n/CVE-2025-55182 |
| 214 | None | https://github.com/Macaroniwdcheese/CVE-2025-55182-Lab |
| 215 | Exploit for CVE-2025-55182 (React4Shell) | https://github.com/LvMalware/CVE-2025-55182 |
| 216 | None | https://github.com/HUAHUAI23/CVE-2025-55182-POC |
| 217 | This tool detects potential React2Shell (CVE-2025-55182) vulnerabilities in React projects by checking: - `package.json` and lock files for vulnerable packages - the `node_modules` directory for affected dependencies - URLs passively for remote detection | https://github.com/cahyod/react2shell |
| 218 | CVE-2025-55182-scanner with 2 different method | https://github.com/yaupunal/CVE-2025-55182-scanner |
| 219 | None | https://github.com/jandelima/cve-2025-55182-poc-test |
| 220 | 🔍 Next.js RCE Scanner (CVE-2025-55182) - Automated vulnerability scanner using Zoomeye search engine. Discovers targets via dorks and tests for CVE-2025-55182 with parallel scanning capabilities. | https://github.com/im-ezboy/CVE-2025-55182-zoomeye |
| 221 | CVE-2025-55182 Burp Passive Extension | https://github.com/Ibonok/CVE-2025-55182-Burp-Passive-Extension |
| 222 | CVE-2025-55182 React2Shell PoC | https://github.com/lowercasenumbers/CVE-2025-55182 |
| 223 | [React2Hell] Next.js/React Server RCE Exploit — CVE-2025-55182 | https://github.com/AggressiveUser/React2Hell |
| 224 | CVE-2025-55182 Next.js RCE Exploit Tool | https://github.com/racall/cve-2025-55182-node |
| 225 | CVE-2025-55182 and CVE-2025-66478 | https://github.com/FurkanKAYAPINAR/ReactNext2Shell |
| 226 | rsc-detect-cve-2025-55182 is a static analysis tool designed to detect potential indicators of CVE-2025-55182 | https://github.com/horsenyet/RSC-Detect-CVE-2025-55182 |
| 227 | None | https://github.com/LQTjim/next-bug-CVE-2025-55182 |
| 228 | Heuristic security scanner for detecting React Server Components (RSC) vulnerabilities, including React2Shell-style behavior (CVE-2025-55182). Safe, non-exploitative, multi-target capable. | https://github.com/AliAbdollahiii/react2shell_detector |
| 229 | A Chrome extension for detecting React2Shell vulnerabilities (CVE-2025-55182 & CVE-2025-66478) in web applications | https://github.com/xiaopeng-ye/react2shell-detector |
| 230 | VulnCheck CVE-2025-55182 react2shell | https://github.com/vulncheck-oss/cve-2025-55182 |
| 231 | Scanner to detect the presence of CVE-2025-55182 & CVE-2025-66478 on targeted web services. | https://github.com/Shield-Cyber/react2shell-scanner |
| 232 | None | https://github.com/imbas007/POC-CVE-2025-55182 |
| 233 | * React2Shell-CVE-2025-55182 | https://github.com/chitoz1300/React2Shell-CVE-2025-55182 |
| 234 | Made to test CVE 2025 55182 | https://github.com/foodmen2111/test-cve-2025-55182 |
| 235 | CVE-2025-55182 detection methods and exploitation | https://github.com/sun977/CVE-2025-55182 |
| 236 | PoC-react2shell-CVE-2025-55182 | https://github.com/garux-sec/PoC-react2shell-CVE-2025-55182 |
| 237 | Detect CVE-2025-55182 & CVE-2025-66478 in Next.js/RSC applications (Rust) | https://github.com/ancs21/react2shell-scanner-rust |
| 238 | Detection of the React Server Actions Exploit vector – CVE-2025-55182 / CVE-2025-66478 | https://github.com/MoisesTapia/http-react2shell |
| 239 | None | https://github.com/hadipra5/CVE-2025-55182-Auto-Exploit-Toolkit |
| 240 | None | https://github.com/techgaun/cve-2025-55182-scanner |
| 241 | React2Shell (CVE-2025-55182) proof-of-concept (PoC) exploit demonstrating a CRITICAL remote code execution (RCE) vulnerability in modern web frameworks using React Server Components (RSC). | https://github.com/rsch-io/CVE-2025-55182-React2Shell |
| 242 | None | https://github.com/ilixm/PoC-RCE-CVE-2025-55182 |
| 243 | None | https://github.com/iamblacksolo2-BugBounty/POC-CVE-2025-55182 |
| 244 | a simple react2shell poc with basic waf bypass | https://github.com/joelvaiju/react2shell-CVE-2025-55182-poc |
| 245 | POC-CVE-2025-55182 | https://github.com/DevVaibhav07/POC-CVE-2025-55182 |
| 246 | Python3 script that can be used to demonstrate **CVE-2025-55182**. It exploits a server-side JavaScript injection vulnerability in Next.js/React applications, allowing **remote code execution** via malformed multipart form data. | https://github.com/liamromanis101/cve-2025-55182 |
| 247 | None | https://github.com/ysfcndgr/React2Shell-CVE-2025-55182-Advanced-Scanner |
| 248 | None | https://github.com/alfazhossain/CVE-2025-55182-Exploiter |
| 249 | None | https://github.com/keshavyaduvans/cve-2025-55182 |
| 250 | proof | https://github.com/byte16384/CVE-2025-55182 |
| 251 | POC for React2Shell (CVE-2025-55182) | https://github.com/kondukto-io/vulnerable-next-js-poc |
| 252 | Test case for CVE-2025-55182 | https://github.com/react2shell-repo-menagerie/CVE-2025-55182-single-nextjs-npm-rsc-webpack |
| 253 | Test case for CVE-2025-55182 | https://github.com/react2shell-repo-menagerie/CVE-2025-55182-single-nextjs-npm-rsc-parcel |
| 254 | Test case for CVE-2025-55182 | https://github.com/react2shell-repo-menagerie/CVE-2025-55182-single-nextjs-npm-rsc-turbopack |
255Nonehttps://github.com/eytannatye/R2S_CVE-2025-55182POC详情
256PoC, Hunting React2Shell about CVE-2025-55182https://github.com/Jaycelation/CVE-2025-55182POC详情
257React2Shell is a Python-based proof-of-concept tool designed to exploit CVE-2025-55182 and CVE-2025-66478, both impacting Next.js applications using React Server Components (RSC).https://github.com/shyambhanushali/React2ShellPOC详情
258Nonehttps://github.com/amir-malek/react-cve-2025-55182POC详情
259CVE-2025-55182-advanced-scannerhttps://github.com/Ankitspandey07/React2ShellPOC详情
260malware I found on my serverhttps://github.com/Stonelinks/react-cve-2025-55182POC详情
261A critical vulnerability in React Server Components affecting React 19 (CVE-2025-55182) and frameworks that use it like Next.js (CVE-2025-66478). https://github.com/dr4xp/react2shellPOC详情
262Proof of Concept for CVE-2025-55182 ("React2Shell"). A fully dockerized environment demonstrating Remote Code Execution (RCE) via insecure deserialization in React Server Components. Includes vulnerable targets for both Vanilla React (Express) and Next.js, along with a custom Python exploit script.https://github.com/trax69/cve-2025-55182-pocPOC详情
263Demo of CVE-2025-55182 — Next.js RCE (for educational purposes)https://github.com/osman-butt/CVE-2025-55182-demoPOC详情
264Nonehttps://github.com/mil4ne/CVE-2025-55182-React2ShellPOC详情
265py script proof of concept new CVE-2025-55182 based in lachlan2k scripthttps://github.com/notkittenn/poc_react2shellPOC详情
266ReactGuard provides framework- and vulnerability-detection tooling for CVE-2025-55182 (React2Shell)https://github.com/theori-io/reactguardPOC详情
267Nonehttps://github.com/iamblacksolo2-BugBounty/POC2-CVE-2025-55182POC详情
268Nonehttps://github.com/BakhodiribnYashinibnMansur/CVE-2025-55182POC详情
269CVE-2025-55182 React RCE Test Serverhttps://github.com/theman001/CVE-2025-55182_PoC-Test-ServerPOC详情
270Next.js RCE via React Server Functionshttps://github.com/gunyakit/CVE-2025-55182-PoC-exploitPOC详情
271A command-line tool for detecting CVE-2025-55182 and CVE-2025-66478 in Next.js applications using React Server Components.https://github.com/rix4uni/CVE-2025-55182POC详情
272A portable Bash script to detect vulnerable versions of React Server DOM and Next.js packages affected by [CVE-2025-55182]https://github.com/gonaumov/cve-2025-55182-checkerPOC详情
273Nonehttps://github.com/BeichenDream/CVE-2025-55182-GodzillaMemoryShellPOC详情
274Nonehttps://github.com/Legus-Yeung/CVE-2025-55182-exploitPOC详情
275Nonehttps://github.com/DanielXavierJob/-CVE-2025-55182POC详情
276Reproduction for Next.js CVE-2025-55182 version string confusion issuehttps://github.com/sponte/nextjs-cve-version-confusionPOC详情
277Nonehttps://github.com/CrazyloveforWeb/Golang-CVE-2025-55182-POCPOC详情
278Nmap NSE script for scanning React2Shell (CVE-2025-55182)https://github.com/JahazielLem/NSE_CVE-2025-55182POC详情
279Elite exploitation toolkit for CVE-2025-55182 (React Server Components RCE). Async polymorphic payloads, advanced WAF/CDN bypass, proxy rotation, Shodan/Censys mass scan, auto-pwn + reverse shells, Nuclei templates, K8s lab & C2 dashboard. Authored by Sudeepa Wanigarathna – strictly for authorized red team and penetration testing.https://github.com/CerberusMrX/Cerberus-React2Shell-Scanner-ExploitPOC详情
280nmap script to scan react2shell (CVE-2025-55182 and CVE-2025-66478) Vulnerabilityhttps://github.com/Saad-Ayady/react2shellNSEPOC详情
281RscScan: Professional cross-platform vulnerability scanner for Next.js Server Actions (CVE-2025-55182). Detects critical RCE flaws with multi-threaded scanning, real-time analytics, and multi-language support. Built with Electron & React.https://github.com/VeilVulp/RscScanPOC详情
282A CTF challenge based on CVE-2025-55182 Vulnerabilityhttps://github.com/yz9yt/React2Shell-CTFPOC详情
283Nonehttps://github.com/Gymnott1/CVE-2025-55182POC详情
284A simple toolkit to validate, exploit & gain an interactive shell via the react2Shell Next.js RCE.https://github.com/J4ck3LSyN-Gen2/CVE-2025-55182POC详情
285Working Proof of Concept (PoC) for CVE-2025-55182 (React2Shell) - Unauthenticated Remote Code Execution in Next.js 15.0.0 via React Server Componentshttps://github.com/pkrasulia/CVE-2025-55182-NextJS-RCE-PoCPOC详情
286Firefox extension to detect and exploit CVE-2025-55182 - Prototype Pollution RCE in Next.js React Server Actionshttps://github.com/oscarmine/R2SAEPOC详情
287Next.js-Exploit-Tool 图形化综合利用工具,基于 Go 开发,一款针对 CVE-2025-55182 的独立安全评估工具。https://github.com/Rsatan/Next.js-Exploit-ToolPOC详情
288Nonehttps://github.com/min8282/CVE-2025-55182POC详情
289Intentionally vulnerable Next.js app for CVE-2025-55182 security research and CTF challengeshttps://github.com/Machine-farmer/PunchingBag-for-React2ShellPOC详情
290Nonehttps://github.com/exrienz/CVE-2025-55182-NextJS-Scanner-React2Shell-PoCPOC详情
291Educational / research tool related to React / Next.js vulnerability CVE‑2025‑55182 (“React2Shell”).https://github.com/mrmtwoj/React2Shell-CVE-2025-55182POC详情
292Nonehttps://github.com/xalgord1/CVE-2025-55182-POCPOC详情
293Nonehttps://github.com/LC-pro/CVE-2025-55182-EXPPOC详情
294This tool is a Proof of Concept (PoC) intended for security research and educational purposes only. Using this tool on systems without explicit permission is illegal and punishable by law. The author (Tiger-Foxx) assumes no responsibility for misuse.https://github.com/Tiger-Foxx/exploit-react-CVE-2025-55182POC详情
295React2Shell (CVE-2025-55182) scannerhttps://github.com/trilogy-group/react2shell-scanPOC详情
296Interactive visualization explaining React Server Components, Flight Protocol, and the React2Shell (CVE-2025-55182) RCE vulnerability. Features narrated animations synced with ElevenLabs + Whisper.https://github.com/VolksRat71/react2shellexploitvisualizedPOC详情
297A Chrome extension for detecting React2Shell vulnerabilities (CVE-2025-55182 & CVE-2025-66478) in web applicationshttps://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extensionPOC详情
298CVE-2025-55182https://github.com/andrei2308/react2shellPOC详情
299Nonehttps://github.com/Nkwenti-Severian-Ndongtsop/POC_react2shell_CVE-2025-55182POC详情
300R2S is a comprehensive exploitation and post-exploitation framework targeting the Next.js React Server Components vulnerability (CVE-2025-55182). It provides an interactive shell with advanced features for penetration testing, including file transfer, persistence, enumeration, privilege escalation checks, and more.https://github.com/4nuxd/React2ShellPOC详情
301Burp Suite extension for identifying the React Server Components unsafe deserialization vulnerability (React2Shell / CVE-2025-55182). It provides a focused UI tab, context-menu actions, active-scanner integration, and optional Burp Collaborator confirmation.https://github.com/j0lt-github/react2shell-burpPOC详情
302RscScan: Professional cross-platform vulnerability scanner for Next.js Server Actions (CVE-2025-55182). Detects critical RCE flaws with multi-threaded scanning, real-time analytics, and multi-language support. Built with Electron & React.https://github.com/VeilVulp/RscScan-cve-2025-55182POC详情
303CVE-2025-55182 payloadhttps://github.com/IrsyadSEC/CVE-2025-55182-MassPayloadAttackPOC详情
304POC React2Shell-CVE-2025-55182https://github.com/Shadowroot97/React2Shell-CVE-2025-55182POC详情
305Nonehttps://github.com/yuta3003/CVE-2025-55182POC详情
306Nonehttps://github.com/securifyai/React2Shell-CVE-2025-55182POC详情
307Nonehttps://github.com/W41T3D3V1L/COMPLETE-CVE-2025-55182POC详情
308CVE-2025-55182 React2Shell in rust https://github.com/0x5k/rs_CVE-2025-55182_React2ShellPOC详情
309simple Proof-of-Concept (PoC) exploit for CVE-2025-55182https://github.com/raivenLockdown/RCE_React2Shell_ButCooler-SomeUselessUsefulThingsLMAO-POC详情
310CVE-2025-55182 の検証用https://github.com/oguri-souhei/CVE-2025-55182POC详情
311Advanced Exploitation Toolkit for Next.js Server Actions (CVE-2025-55182)https://github.com/xalgord/React2ShellPOC详情
312POC React2Shell - CVE-2025-55182 - CVE-2025-55184https://github.com/caohungphu/react2shellPOC详情
313Nonehttps://github.com/ryanhafid/PoC_CVE-2025-55182POC详情
314Nonehttps://github.com/ryanhafid/Scan_CVE-2025-55182POC详情
315CVE-2025-55182 - React2Shell Educational Toolhttps://github.com/0xLutfifakee/CVE-2025-55182-React2ShellPOC详情
316CVE-2025-55182 – CVE-2025-66478 – React2Shellhttps://github.com/gagaltotal/tot-react-rce-CVE-2025-55182POC详情
317AI agent-ready prompt to scan Node.js/React/Next.js projects for Shai-Hulud 2.0 (npm worm) and React2Shell (CVE-2025-55182 RCE). Guides AI agents (Claude, Gemini, Grok, etc.) to check dependencies, versions, GitHub repos, detect compromise, and provide step-by-step remediation.https://github.com/eaizy/react2hulud-scanPOC详情
318Security testing toolkit for CVE-2025-55182 - React Server Components RCE via prototype pollution. Includes CLI scanner, Chrome extension, Nuclei templates, and Docker lab with CTF flags.https://github.com/sho-luv/React2ShellPOC详情
319High-performance Go implementation for detecting React Server Components RCE vulnerabilities (CVE-2025-55182 & CVE-2025-66478).https://github.com/h0tak88r/next88POC详情
320Hack The Box Writeup for Retired Challenge ReactOOPS - Complete solution and educational guide to CVE-2025-55182/CVE-2025-66478 (React2Shell RCE). Includes detailed vulnerability analysis, exploitation techniques, and team learning materials.https://github.com/TheStingR/ReactOOPS-WriteUpPOC详情
321A CLI tool that exploits vulnerabilities in React Server Components and Server Actions (CVE-2025-55182, CVE-2025-66478) to achieve remote code execution (RCE) on vulnerable servers.https://github.com/mantvmass/react2shellPOC详情
322A CVE-2025-55182(React2Shell) Toolbox Applicationhttps://github.com/MoLeft/React2Shell-ToolboxPOC详情
323Analysis, Validation Environment, and POC for CVE-225-55182 Vulnerability.https://github.com/Ya0h4cker/CVE-2025-55182POC详情
324A research report on CVE-2025-55182 (React2Shell). https://github.com/Kugelbyte/React2Shell-AnalysisPOC详情
325A hands-on lab for understanding and exploiting CVE-2025-55182 (React2Shell) - Remote Code Execution in React Server Componentshttps://github.com/dhananjayakumarn/CVE-2025-55182-LabPOC详情
326Nonehttps://github.com/ZorvithonLeo-Null/CVE-2025-55182-exploitPOC详情
327NodeJS-based exploit script and scanner for the React Server Components "React2Shell" vulnerability (CVE-2025-55182).https://github.com/sangleshubham/React-Security-CVE-2025-55182-ExploitPOC详情
328A hybrid security scanner for detecting CVE-2025-55182 in Next.js and Waku applications. Features combined static code analysis and safe dynamic verification for DevSecOps workflows.https://github.com/TrixSec/CVE-2025-55182-ScannerPOC详情
329Check if your server is affected by CVE-2025-55182 & CVE-2025-66478https://github.com/mounta11n/CHECK-CVE-2025-55182-AND-CVE-2025-66478POC详情
330Nonehttps://github.com/grejh0t/CVE-2025-55182POC详情
331A modern Next.js vulnerable web app themed as a news / blog portal for CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) to learn, detect, and safely exercise React2Shell. Runs unpatched React 19.0.0 and Next.js 15.0.3.https://github.com/hidden-investigations/react2shell-vulnlabPOC详情
III. Intelligence on vulnerability CVE-2025-55182
  • Title: CVE-2025-55182 -- 🔗Source link

    Tags: x_refsource_CONFIRM

    Shenlong quick read:
    - **CVE ID**: CVE-2025-55182
    - **Description**: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads, which can lead to arbitrary JS code execution.
    - **Affected versions**:
      - **react-server-dom-webpack (Meta)**
        - Default status: unaffected
        - Affected versions: 19.0.0 through 19.2.0
      - **react-server-dom-turbopack (Meta)**
        - Default status: unaffected
        - Affected versions: 19.0.0 through 19.2.0
      - **react-server-dom-parcel (Meta)**
        - Default status: unaffected
        - Affected versions: 19.0.0 through 19.2.0
    - **Reference**: <https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components>
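  • Title: Critical Security Vulnerability in React Server Components – React -- 🔗Source link

    Tags: x_refsource_CONFIRM

    Shenlong quick read:
    ### Key vulnerability information

    - **Description**: An unauthenticated remote code execution vulnerability exists in React Server Components. It allows an attacker to execute code remotely by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints.

    - **CVE ID**: CVE-2025-55182

    - **CVSS score**: 10.0

    - **Affected versions**:
      - `react-server-dom-webpack`: 19.0, 19.1.0, 19.1.1, 19.2.0
      - `react-server-dom-parcel`: 19.0, 19.1.0, 19.1.1, 19.2.0
      - `react-server-dom-turbopack`: 19.0, 19.1.0, 19.1.1, 19.2.0

    - **Affected frameworks and bundlers**: Next.js, React Router, Waku, @parcel/rsc, @vitejs/plugin-rsc, rwsk

    - **Fixed versions**:
      - `react-server-dom-webpack`, `react-server-dom-parcel`, `react-server-dom-turbopack` versions 19.0.1, 19.1.2, 19.2.1

    - **Timeline**:
      - November 29, 2025: Vulnerability described
      - November 30, 2025: Confirmed and fixed
      - December 1, 2025: Fix released
      - December 3, 2025: Vulnerability publicly disclosed

    - **Remediation**: Upgrade immediately to a fixed version, or consult the official documentation of the affected framework or tool for more detailed update guidance.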
  • https://nvd.nist.gov/vuln/detail/CVE-2025-55182