This tool is a Proof of Concept (PoC) intended for security research and educational purposes only. Using this tool on systems without explicit permission is illegal and punishable by law. The author (Tiger-Foxx) assumes no responsibility for misuse.

CVE-2025-55182 + CVE-2025-66478 - Next.js/React Server Components Remote Code Execution

This is a POC script for CVE-2025-55182 (React SSR RCE)

React2Shell (CVE-2025-55182) proof-of-concept (PoC) exploit demonstrating a CRITICAL remote code execution (RCE) vulnerability in modern web frameworks using React Server Components (RSC).

🚨 Exploit CVE-2025-55182 to demonstrate RCE in React Server Functions, highlighting risks from insecure prototype references in Next.js applications.

🛠️ Exploit CVE-2025-55182 in Next.js with this interactive shell tool, enabling security researchers to verify vulnerabilities on authorized targets.

Detection of the React Server Actions Exploit vector – CVE-2025-55182 / CVE-2025-66478

🛠️ Share original PoCs for CVE-2025-55182 in React2Shell, showcasing effective remote code execution examples for developers and security researchers.

🛠️ Exploit critical RCE vulnerabilities in React Server and Next.js with ease using this collection of tests and resources for security professionals.

Show case CVE-2025-55182 POC in Typrescript/Javascript

⚡ Discover and exploit CVE-2025-55182 with this PoC, offering reliable remote code execution tests for React Server Components in Next.js.

🚨 Demonstrate CVE-2025-55182, a critical React vulnerability allowing remote code execution via prototype chain pollution in `[email protected]`.

🔍 Exploit CVE-2025-55182 vulnerabilities in Next.js and React with this efficient framework for rapid testing and assessment.

🔍 Detect vulnerabilities CVE-2025-55182 and CVE-2025-66478 in Next.js apps with this reliable command-line scanner.

🚨 Exploit and scan for CVE-2025-55182, a critical React/Next.js vulnerability enabling remote code execution through prototype pollution techniques.

🔍 Scan for CVE-2025-55182 risks in React Server Components with this non-intrusive tool that helps detect critical vulnerabilities in your applications.

🛡️ Scan and assess vulnerabilities in Next.js/Waku with the CVE-2025-55182-Scanner, combining static and dynamic analysis for robust security.

🔍 Demonstrate CVE-2025-55182, a critical vulnerability in React Server Components allowing unauthenticated arbitrary code execution.

A web-based vulnerability scanner for CVE-2025-55182, a critical Remote Code Execution (RCE) vulnerability in React Server Components.