React2Shell Auto Exploit: A CLI tool to exploit prototype pollution vulnerabilities (RCE) in React Server Actions
Updated Dec 6, 2025 - Python
ReactGuard provides framework- and vulnerability-detection tooling for CVE-2025-55182 (React2Shell)
React2Shell exploit with multiple WAF bypasses and a vulnerable example application.
React2Shell: An exploitation framework for CVE-2025-55182 (Next.js/React RCE).
CVE-2025-55182 – React2Shell: Proof-of-Concept Remote Code Execution (RCE) exploit for Next.js apps. Features an interactive shell prompt to test and demonstrate the vulnerability in real time. Use for security research and authorized penetration-testing only.
React2Shell, CVE-2025-55182, RCE Vulnerability: A critical breakdown of the unsafe deserialization flaw in React Server Components that enables unauthenticated remote code execution across default React/Next.js setups.
React2Shell - CVE-2025-66478 RCE Exploit
CVE-2025-55182 Exploit Tool – Python 2.7 exploit for Next.js prototype pollution leading to RCE
Precision-Based Detection of RSC/Next.js Remote Code Execution Vulnerabilities (CVE-2025-55182, CVE-2025-66478)
Torito React2Shell Scanner & Exploit Tool (CVE-2025-55182 / 66478)
Exposure intelligence for the AI-infrastructure layer — finds and weighs leaked credentials, MCP/agent configs, git-metadata secrets, and supply-chain risk, and tells you which exposures to trust. Active verification, orphan-signal triage, SARIF dedup. OWASP LLM + MITRE ATLAS tagged.
This is an easy-to-use PoC script to exploit the React2Shell-CVE-2025-55182 Next.js vulnerability. This will help to gain a reverse shell.
Async RCE scanner for CVE-2025-55182 / CVE-2025-66478 — prototype-pollution → code execution via React Server Actions.
A critical vulnerability in React Server Components affecting React 19 (CVE-2025-55182) and frameworks that use it like Next.js (CVE-2025-66478).
Advanced security testing tool for CVE-2025-55182 vulnerability assessment in Next.js applications. Features interactive shell, batch scanning, WAF bypass, and comprehensive reporting.
PoC for React2Shell (CVE-2025-55182)
CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS 10.0 exploit tool for authorized penetration testing.
🛡️ Scan and assess vulnerabilities in Next.js/Waku with the CVE-2025-55182-Scanner, combining static and dynamic analysis for robust security.
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)