Exploit for Deserialization of Untrusted Data in Facebook React

⚡ CVE-2025-55182 – Auto Exploit Toolkit Precision Engine...

Exploit for Deserialization of Untrusted Data in Facebook React

⚡ CVE-2025-55182 – Advanced Auto Exploit Toolkit Precisi...

Exploit for Deserialization of Untrusted Data in Facebook React

react2shell-scanner-rust Detect CVE-2025-55182 & CVE-2025-664...

Exploit for Deserialization of Untrusted Data in Facebook React

PoC-react2...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-5582 RCE A self-use checking tool for detecting the...

PT-2025-49862

🧵 6/15: The Exploit simplified: The vulnerability CVE-2024-555182 lies in the deserialization process. React wasn't verifying if a requested key actually existed on the object during this process. This allows an attacker to sneak in a request for the constructor of a function...

📄 React 19.2.0 PHP Scanner / Remote Code Execution

This project delivers a PHP-based vulnerability scanner and remote code execution exploit for CVE‑2025‑55182 affecting React Server Components. It leverages RSC serialization weaknesses to execute arbitrary commands and validate successful exploitation...

React 19 Server Components Critical Vulnerability (CVE-2025-55182, CVE-2025-55183, CVE-2025-55184)

On December 3, 2025, the React team disclosed a critical remote code execution vulnerability CVE-2025-55182, CVSS 10.0 affecting React 19 Server Components. This vulnerability has raised concerns among Vaadin users and security scanning tools. Update: On December 11 and 12, 2025, two new...

Vite Plugin React 代码注入漏洞

Vite Plugin React is an open source plugin for Vite. A code injection vulnerability exists in Vite Plugin React 0.5.5 and earlier versions, which stems from an insecure dynamic import in the Server Functions API that could lead to remote code execution...

📄 React / Next.js Unauthenticated Remote Code Execution

A critical unauthenticated remote code execution vulnerability exists in React Server Components RSC Flight protocol. The vulnerability allows attackers to achieve prototype pollution during deserialization of RSC payloads by sending specially crafted multipart requests with proto, constructor, o...

Arbitrary Code Injection

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe dynamic imports in the loadServerAction, decodeReply, and decodeAction server APIs. An attacker can execute arbitrary JavaScript...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell Vulnerability Scanner A safe, non-invasive scanne...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182: Exploitation Artifacts An export of a small s...

@levo-so/react (>=0.1.15 <=0.1.43), @levo-so/react-collection (>=0.0.1 <=0.1.86) +2 more potentially affected by CVE-2025-65849 via altcha (>=1.0.7 <=2.0.2)

altcha NPM version =1.0.7, =0.1.15, =0.0.1, =0.1.91, =0.0.23, =0.0.34 Source cves: CVE-2025-65849 Source advisory: SNYK:JS-ALTCHA-14236435...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell Detector A Chrome extension for detecting React2S...

Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)

The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged regarding the initial Proof-of-Concept exploit, as well as improved detection methods, exploitation mechanics observed in the wild, and rapidly growing atta...

Exploit for Deserialization of Untrusted Data in Facebook React

Used to reproduce CVE-2025...

Exploit for Deserialization of Untrusted Data in Facebook React

🧨 React2Hell — CVE-2025-55182 Exploit 🔥 Next.js / React...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2Shell PoC A proof of concept exploit f...

Exploit for Deserialization of Untrusted Data in Facebook React

Zoomeye Next.js RCE Scanner Author: im-ezboy Scanner for Nex...