CVE-2025-55182 Scanner

This repository contains a scanner tool for CVE-2025-55182, a critical Remote Code Execution (RCE) vulnerability in React Server Components (RSC).

• Sorry for the delay, another vulnerability was encountered for analysis, thanks for reporting your issue.

⚠️ Disclaimer

This tool is for educational and authorized testing purposes only. Do not use this tool on systems you do not own or have explicit permission to test. The authors are not responsible for any misuse.

Analysis

For a detailed technical analysis, please refer to: https://react2shell.com/

Prerequisites

• Python 3.x: Required to run the scanner.
• Dependencies: Install via pip:

  pip3 install requests rich

Usage

Basic Scan

Check if a target URL is vulnerable.

python3 CVE-2025-55182.py -u <url>

Scan Multiple Targets

Scan a list of hosts from a file (one per line).

python3 CVE-2025-55182.py -l <hosts_file>

Interactive Shell (Exploit Mode)

Gain an interactive shell on a vulnerable target.

python3 CVE-2025-55182.py -u <url> --exploit

Advanced Options

Safe Check

Use side-channel detection (timing/error based) instead of attempting RCE.

python3 CVE-2025-55182.py -u <url> --safe-check

WAF Bypass

Add junk data to bypass WAF content inspection or use specific bypasses.

# Standard WAF bypass (junk data)
python3 CVE-2025-55182.py -u <url> --waf-bypass --waf-bypass-size 128

# Vercel WAF bypass variant
python3 CVE-2025-55182.py -u <url> --vercel-waf-bypass

Custom Headers & Proxy

# Custom headers
python3 CVE-2025-55182.py -u <url> -H "Authorization: Bearer token" -H "X-Custom: Header"

# Proxy usage
python3 CVE-2025-55182.py -u <url> --proxy http://127.0.0.1:8080

Evasion & Specificity

# Random User-Agent and Delay
python3 CVE-2025-55182.py -u <url> --random-agent --delay 2.0

# Scan specific path
python3 CVE-2025-55182.py -u <url> --path /_next --path /api

Output Options

Save results to a file in JSON, CSV, or HTML format. The --all-results flag saves both vulnerable and non-vulnerable hosts.

python3 CVE-2025-55182.py -u <url> -o results.json --format json --all-results

All Arguments

Argument	Description
-u, --url	Single URL/host to check.
-l, --list	File containing list of hosts to scan.
--exploit	Enter interactive shell mode (requires -u).
-t, --threads	Number of concurrent threads (default: 10).
--timeout	Request timeout in seconds (default: 10).
-o, --output	Output file for results.
--format	Output format: json, csv, html.
--all-results	Save all results, not just vulnerable ones.
-k, --insecure	Disable SSL certificate verification.
-H, --header	Custom header in 'Key: Value' format.
--path	Custom path to test (e.g., '/_next').
--path-file	File containing list of paths to test.
--safe-check	Use safe side-channel detection instead of RCE PoC.
--windows	Use Windows PowerShell payload.
--waf-bypass	Add junk data to bypass WAF.
--waf-bypass-size	Size of junk data in KB for WAF bypass.
--vercel-waf-bypass	Use Vercel WAF bypass payload.
-x, --proxy	Proxy URL (e.g., http://127.0.0.1:8080).
--random-agent	Use random User-Agent for each request.
--delay	Delay between requests in seconds.
-v, --verbose	Verbose output (show response snippets).
-q, --quiet	Quiet mode (only show vulnerable hosts).
--no-color	Disable colored output.

Docker Support

You can run a vulnerable instance for testing using the provided Docker image:

docker build -t cve-local .
docker run --rm -p 3000:3000 cve-local