Original Proof-of-Concepts for React2Shell CVE-2025-55182
Updated Dec 5, 2025 - JavaScript
rsc-detect-cve-2025-55182 is a static analysis tool designed to detect potential indicators of CVE-2025-55182
Docker PoC lab for CVE-2025-55182 / CVE-2025-66478 (React2Shell) detection and exploitation
Security scanner for CVE-2025-55182 - Critical RCE vulnerability in React Server Components. Scan npm/pnpm/yarn lockfiles, Docker images, SBOMs, and live URLs. Auto-fix, SARIF output, GitHub Actions, Vercel integration, and runtime protection middleware.
React2Shell Auto Exploit: A CLI tool to exploit prototype pollution vulnerabilities (RCE) in React Server Actions
Step-by-step walkthrough of CVE-2025-55182 (React2Shell) by tracing React's Flight protocol internals.
ReactGuard provides framework- and vulnerability-detection tooling for CVE-2025-55182 (React2Shell)
React2Shell exploit with multiple WAF bypass and vulnerable example application.
This repository contains a POC of CVE-2025-55182, a critical (CVSS score 10.0) pre-authentication remote code execution vulnerability affecting React Server Components, also known as React2Shell.
CVE-2025-55182 – React2Shell: Proof-of-Concept Remote Code Execution (RCE) exploit for Next.js apps. Features an interactive shell prompt to test and demonstrate the vulnerability in real time. Use for security research and authorized penetration-testing only.
Nuclei template for detecting React2Shell (CVE-2025-55182 & CVE-2025-66478)
A lightweight shell script that scans node / bun / deno projects to detect vulnerable npm packages using custom source formats (JSON / CSV / PURL / SBOM / SARIF / TRIVY)
React2Shell, CVE-2025-55182, RCE Vulnerability: A critical breakdown of the unsafe deserialization flaw in React Server Components that enables unauthenticated remote code execution across default React/Next.js setups.
Chrome extension to detect Next.js sites vulnerable to CVE-2025-55182 (React2Shell)
A Chrome extension for detecting React2Shell vulnerabilities (CVE-2025-55182 & CVE-2025-66478) in web applications
My attempt to make a honeypot for the React2Shell vulnerability (CVE-2025-66478)
A CTF challenge based on the CVE-2025-55182 vulnerability
A critical vulnerability in React Server Components affecting React 19 (CVE-2025-55182) and frameworks that use it like Next.js (CVE-2025-66478).
React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack, contain a remote code execution vulnerability.