Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025-55182.
PoC: react2shell-toolkit
Toolkit for CVE-2025-55182, also known as React2Shell.
PoC: CVE-2025-55182-bypass
CVE-2025-55182-bypass-waf
PoC: React2Shell
A Firefox extension for detecting React2Shell vulnerabilities (CVE-2025-55182 & CVE-2025-66478) in web applications.
PoC: CVE-2025-55182
CVE-2025-55182 vulnerability detection tool
PoC: r2rs
Interactive Ruby shell for authorized CVE-2025-55182 (react2shell) testing
PoC: CVE-2025-55182
Interactive RCE exploitation tool for CVE-2025-55182 (React Server Components)
PoC: GitExpose
Advanced security scanner detecting exposed files, React2Shell (CVE-2025-55182), ML model poisoning, LLM infrastructure exposure, and invisible Unicode attacks. Built for the 2026 threat landscape.
PoC: CVE-2025-55182-Next.js-RCE
Nextjs RCE Exploit
PoC: React2Shell-CVE-2025-55182
React2Shell CVE-2025-55182: unauthenticated unsafe deserialization in React Server Components leading to reliable remote code execution via the Flight protocol.
PoC: react2shell-evolved
An evolved version of the Assetnote CVE-2025-55182 scanner
[POC] GHSA-3mgp-fx93-9xv5 — CVE-2025-55182-POC
React2Shell POC
[POC] GHSA-3mgp-fx93-9xv5 — cve-2025-55182
POC for CVE-2025-55182
[POC] GHSA-3mgp-fx93-9xv5 — React2Shell-PoC-CVE-2025-55182
Exploiting the CVE-2025-55182 security vulnerability
[POC] MAL-2026-2307 — CVE-2025-55182-React2Shell-RCE
React2Shell (CVE-2025-55182) PoC
PoC: react2shell-exploit
React2Shell: CVE-2025-55182
PoC: CVE-2025-55182
PoC exploit for CVE-2025-55182 (React2Shell) — Pre-auth RCE in React Server Components | CVSS 10.0
PoC: CVE-2025-55182
CVE-2025-55182 exploit script
PoC: JEFAZO-CVE-2025-55182-Checker
Passive security scanner for CVE-2025-55182 that identifies public indicators associated with Next.js and React Server Components. It performs safe validations, analyzes headers and routes, and provides an evidence-based exposure assessment without exploitation.
PoC: React2Shell_Exploit
I created a simple react2shell CVE-2025-55182 Python exploit
PoC: react2shell
react2shell - CVE-2025-55182 (Next.js: CVE-2025-66478) - Unauthenticated RCE in React Server Components (Flight Protocol) - PoC Exploit
PoC: CVE-2025-55182
react CVE-2025-55182
PoC: HTB-Reactor-Linux-Machine---Walkthrough
Full walkthrough of HTB's Reactor machine — exploit CVE-2025-55182 to gain a shell, then get root via an exposed Node.js debugger. Step-by-step with screenshots.
PoC: react-rsc-cve-2025-55182-lab
Educational lab demonstrating CVE-2025-55182: Critical RCE in React Server Components via prototype pollution in the Flight protocol
PoC: CVE-2025-55182-React2shell
CVE-2025-55182 Exploit Tool – Python 2.7 exploit for Next.js prototype pollution leading to RCE
PoC: React2Shell-CVE-2025-55182
CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS 10.0 exploit tool for authorized penetration testing.
PoC: CVE-2025-55182-React2Shell
CVE-2025-55182 Exploit | by infrar3d
PoC: CVE-2025-55182
a.k.a. React2Shell
PoC: reactguard
ReactGuard provides framework- and vulnerability-detection tooling for CVE-2025-55182 (React2Shell)
PoC: React2Shell
Simple Lab for React2Shell CVE-2025-55182
PoC: flight-risk
Security toolkit for CVE-2025-55182 (React2Shell) — scan, detect, correlate, and test React Server Components RCE vulnerability
PoC: cve-2025-55182-analysis
Security research & exploitation analysis of CVE-2025-55182 (React) — CVSS + OWASP Top 10 mapping
PoC: CVE-2025-55182-poc-panel
This is a special panel that is used to send POC requests with the output of responses.
PoC: Explosive-As-Hell-MCS-Qualifer-Web-500
[First-Blood-XO] React Server Component endpoint vulnerable to CVE-2025-55182 (RCE) → enumerated SUID binaries → /usr/bin/perl had SUID set → used Perl's POSIX setuid(0) to escalate to root → read /root/flag.txt
PoC: R2SAE
Firefox extension for detecting and exploiting CVE-2025-55182 — Prototype Pollution RCE in Next.js React Server Actions
PoC: nextjs-rce-incident-response
Real-world incident response for CVE-2025-55182 (React2Shell) — script injection, server remediation, and post-incident report
PoC: rust-cve-2025-55182-scanner
Powerful Rust cve-2025-55182-scanner, used for CTF & ethical purposes only
PoC: CVE-2025-55182-Auto-Scanner
CVE-2025-55182 Auto Scanner - Improved Version. For authorized CTF/testing purposes only.
PoC: CVE-2025-55182-React2Shell-PoC
Proof-of-concept exploit for CVE-2025-55182 (React2Shell)
PoC: cve-2025-55182-react2shell-analysis
Technical analysis of CVE-2025-55182 (React2Shell RCE vulnerability)
PoC: nextjs-security-scanner
Bash script to detect CVE-2025-55182 (React2Shell) and credential exposure in Next.js projects. Zero dependencies.
PoC: CVE-2025-55182_liyon
CVE-2025-55182
PoC: cve-2025-55182-lab
Intentionally vulnerable Next.js RSC Docker lab for CVE-2025-55182 (React2Shell) local testing
PoC: CVE-2025-55182-React2Shell-Masters-Thesis
Master's Thesis research on CVE-2025-55182 (React2Shell). Advanced exploit with 4 attack vectors, interactive shell, and complete vulnerable laboratory. Portfolio piece demonstrating security research and exploit development.
PoC: React2Shell-PoC-CVE-2025-55182
Exploiting the CVE-2025-55182 security vulnerability in React components
PoC: CVE-2025-55182
CVE-2025-55182 — React2Shell
PoC: CVE-2025-55182_RCE_Exploit
REC Exploit is a Python-based security testing tool that automates detection of potential RCE conditions in web applications under authorized environments. It sends crafted POST requests to targets, analyzes server responses for execution indicators, and supports batch scanning with custom input, structured payload handling, and clear CLI output.
PoC: cve-2025-55182-poc
Proof-of-concept for CVE-2025-55182 (React2Shell): unauthenticated RCE in React Server Components / Next.js via Flight protocol deserialization.
PoC: CVE-2025-55182-React-RSC-Exploit
Basic Proof of Concept (PoC) Exploit for React RSC - CVE-2025-55182
PoC: CVE-2025-55182-in-docker
CVE-2025-55182-in-docker
PoC: CVE-2025-55182-React2Shell-Async-Scanner
Async RCE scanner for CVE-2025-55182 / CVE-2025-66478 — prototype-pollution → code execution via React Server Actions.
PoC: REACT-CVE-2025-55182-Lab
Lab with PoC
PoC: MassScanning-CVE-2025-55182
A lightweight orchestrator and worker scanner setup for running large/continuous scans across split input files. This repository contains orchestration scripts, a Docker-based worker image, and helper scripts to run scans repeatedly and collect results.
PoC: RSC-Detect-CVE-2025-55182
RSC Detect CVE 2025 55182
PoC: React2Shell-Wazuh-Detection
Detection Engineering lab for simulating and monitoring React2Shell (CVE-2025-55182) Insecure Deserialization attacks using Wazuh SIEM.
PoC: CVE-2025-55182
CVE-2025-55182
PoC: reactshell
Interactive shell client for React Server Components RCE exploitation via __proto__ pollution (CVE-2025-55182)
PoC: CVE-2025-55182-in-docker
Server Next.js old version in docker
PoC: CVE-2025-55182
An efficient batch detection tool for the Next.js prototype pollution vulnerability (CVE-2025-55182).
PoC: React2Shell-POC
React2Shell (CVE-2025-55182) POC
PoC: CVE-2025-55182
RCE on Next 16.0.6
PoC: react2shell-CVE-2025-55182
An exploitation tool for the Next.js vulnerability CVE-2025-55182 that allows remote command execution through prototype poisoning in React Server Components.
PoC: tech-seminar-React2Shell
Woori FISA Tech Seminar Team 3: Analysis and research of 'React2Shell (CVE-2025-55182)', an RCE vulnerability in React Server Components
PoC: CVE-2025-55182
React2shell exploit (CVE-2025-55182+CVE-2025-66478)
PoC: React2shell-RCE-MassScanner
React2Shell (CVE-2025-55182)
PoC: React-2-Shell
This is a security exploit tool targeting CVE-2025-55182. It exploits a Remote Code Execution (RCE) vulnerability in React Server Components.
PoC: CVE-2025-55182
CVE-2025-55182
PoC: supertej0622.github.io
🚀 Bypass CVE-2025-55182 protections with this tool, enhancing security assessments and streamlining vulnerability testing against WAF configurations.
PoC: CVE-2025-55182-Exploit
CVE-2025-55182 React Server Components Remote Code Execution Exploit Tool
PoC: CVE-2025-55182
CVE-2025-55182
PoC: RSC-Detect-CVE-2025-55182
RSC Detect CVE 2025 55182
PoC: CVE-2025-55182
Remote code execution for React Server Components 19.0.0 - 19.2.0
PoC: react2shell
React2Shell is a high-performance vulnerability scanner written in Go, specifically designed to detect Server-Side Remote Code Execution (RCE) vulnerabilities in Next.js applications (CVE-2025-55182 & CVE-2025-66478).
PoC: asder10.github.io
🛠️ Exploit CVE-2025-55182 using React2Shell, an advanced framework for Next.js and React remote code execution. Secure your applications effectively.
PoC: React2Shell
🔍 Exploit CVE-2025-55182 vulnerabilities in Next.js and React with this efficient framework for rapid testing and assessment.
PoC: CVE-2025-55182-poc-json
CVE-2025-55182-poc-json
PoC: CVE-2025-55182
Remote code execution for React Server Components 19.0.0 - 19.2.0
PoC: React2Shell
Simple Lab for React2Shell CVE-2025-55182
PoC: react2shell-exploit
CVE-2025-55182, also known as React2Shell, is a critical vulnerability affecting Next.js applications using React Server Components (RSC) and Server Actions.
PoC: React2Shell-Kingdom
"Once upon a time, the Castle of Reactland trusted all Flight messages... until The Imposter arrived." A storytelling CVE-2025-55182 (React2Shell) demo - Medieval-themed vulnerable React Server Components app for security education.
PoC: Next.js-RCE-CVE-2025-55182
next.js rce exploit
PoC: gahoole77.github.io
🔍 Discover and scan vulnerable Next.js instances to protect your infrastructure from critical RCE vulnerabilities like CVE-2025-55182.
PoC: React2Shell
React2Shell – CVE-2025-55182
PoC: CVE-2025-55182-GUI
CVE-2025-55182 vulnerability detection and exploitation tool (GUI version)
PoC: RSC-Detect-CVE-2025-55182
RSC Detect CVE 2025 55182
PoC: React2Shell-CVE-2025-55182
A HackIndex.io sandbox environment for the React2Shell vulnerability.
PoC: CVE-2025-55182
CVE-2025-55182 - Tool React2Shell
PoC: captain4554.github.io
🔍 Scan for CVE-2025-55182 vulnerabilities with a hybrid tool that combines static and dynamic analysis for improved security assessments.
PoC: CVE-2025-55182-Scanner
🛡️ Scan and assess vulnerabilities in Next.js/Waku with the CVE-2025-55182-Scanner, combining static and dynamic analysis for robust security.
PoC: CVE-2025-55182
CVE-2025-55182 vulnerability
PoC: react2shell-rce-autobot
🎯 Automated vulnerability scanner for React2Shell RCE - Google dorking + safe detection for CVE-2025-55182/CVE-2025-66478 (CVSS 10.0)
PoC: React2ShellPoC
This repository provides a proof-of-concept for CVE-2025-55182 (React2Shell), a remote code execution vulnerability in React Server Components. It demonstrates how the exploit works, including the payload and impact.
PoC: mysticalhearts.github.io
🛠️ Exploit CVE-2025-55182 in Next.js with an interactive shell for security testing on authorized targets. Use responsibly for effective vulnerability assessment.
PoC: CVE-2025-55182-advanced-scanner-
🛠️ Detect and exploit CVE-2025-55182 vulnerabilities in Next.js applications with this easy-to-use command-line scanner.
PoC: React-Server-Components-Remote-Code-Execution-CVE-2025-55182-
Script to help solve the Hackviser lab covering CVE-2025-55182
PoC: CVE-2025-55182-POC-NEXTJS
⚡ Discover and exploit CVE-2025-55182 with this PoC, offering reliable remote code execution tests for React Server Components in Next.js.
PoC: CVE-2025-55182
React2Shell Scanner
PoC: CVE-2025-55182
Exploitation script for CVE-2025-55182. This is modified only for my personal use. If you are facing any problem, fix it yourself.
PoC: Bot-exploit-CVE-2025-55182
Mass Bot Exploit
PoC: Nextjs_RCE_Exploit_Tool
🔍 Exploit CVE-2025-55182 in Next.js with this versatile tool for security research, featuring advanced payloads and WAF bypass techniques.
PoC: CVE-2025-55182-poc
🚨 Demonstrate CVE-2025-55182, a critical React vulnerability allowing remote code execution via prototype chain pollution in `react-server-dom-webpack@19.0.0`.