nomisec
WORKING POC
410 stars
by Malayke · poc
https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478
This repository contains a scanner and PoC exploits for CVE-2025-66478, a vulnerability in Next.js RSC (React Server Components) that allows remote code execution. The scanner detects vulnerable versions, while the PoC demonstrates RCE via prototype pollution and command injection.
Classification
Working Poc 95%
Target:
Next.js versions affected by CVE-2025-66478
No auth needed
Prerequisites:
Target running vulnerable Next.js version · Network access to the target application
nomisec
SCANNER
405 stars
by vercel-labs · poc
https://github.com/vercel-labs/fix-react2shell-next
This repository contains a scanner tool designed to detect and patch vulnerabilities related to CVE-2025-66478 in Next.js and React RSC applications. It scans package.json files for vulnerable dependencies and applies version updates to mitigate the vulnerability.
Classification
Scanner 100%
Target:
Next.js and React RSC packages (next, react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack)
No auth needed
Prerequisites:
Access to the project directory containing package.json files · Node.js environment to run the scanner
github
SCANNER
311 stars
by emredavut · javascript · poc
https://github.com/emredavut/CVE-2025-55182
This repository contains a Chrome extension and auxiliary tools designed to detect and fingerprint React Server Components (RSC) and Next.js applications for potential vulnerabilities (CVE-2025-55182 and CVE-2025-66478). It includes passive detection mechanisms and a Shodan scanner but lacks functional exploit code.
Classification
Scanner 90%
Target:
React Server Components (RSC) / Next.js
No auth needed
Prerequisites:
Access to a Chrome browser · Shodan API key for scanning
nomisec
SCANNER
140 stars
by hackersatyamrastogi · poc
https://github.com/hackersatyamrastogi/react2shell-ultimate
This repository contains a Python-based scanner for CVE-2025-66478, a critical RCE vulnerability in Next.js applications using React Server Components (RSC). The tool supports multiple scan modes, including safe detection, RCE proof-of-concept, version detection, and local project scanning, with features like WAF bypass and interactive shell capabilities.
Classification
Scanner 95%
Target:
Next.js applications using React Server Components (RSC)
No auth needed
Prerequisites:
Python 3.8 or higher · Target URL or local Next.js project · Network access to the target
github
WORKING POC
128 stars
by pyroxenites · go · poc
https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool
This repository contains a functional exploit tool for CVE-2025-55182, targeting Next.js applications with RCE capabilities. It includes multiple exploitation chains, WAF bypass techniques, and payload encryption, along with a GUI for command execution and file management.
Classification
Working Poc 95%
Target:
Next.js (version not specified)
No auth needed
Prerequisites:
Vulnerable Next.js application · Network access to the target
github
WORKING POC
79 stars
by l4rm4nd · javascript · poc
https://github.com/l4rm4nd/CVE-2025-55182
This repository provides a functional proof-of-concept for CVE-2025-55182, a pre-authentication remote code execution vulnerability in React Server Components and Next.js. It includes a Dockerized vulnerable Next.js application and detection methods using AssetNote's scanner and Nuclei templates.
Classification
Working Poc 95%
Target:
Next.js 16.0.6 with React 19.2.0
No auth needed
Prerequisites:
Docker environment · Network access to the vulnerable application
github
WORKING POC
38 stars
by sumanrox · python · poc
https://github.com/sumanrox/rschunter
This repository contains a functional exploit tool for CVE-2025-55182, targeting Next.js React Server Components (RSC) vulnerabilities. It includes multiple strategies for detection and exploitation, such as prototype pollution and WAF bypass techniques, with support for multi-threaded scanning and command execution.
Classification
Working Poc 95%
Target:
Next.js with React Server Components
No auth needed
Prerequisites:
Python 3.6+ · requests library · target running vulnerable Next.js RSC implementation
github
WORKING POC
22 stars
by cybertechajju · python · poc
https://github.com/cybertechajju/R2C-CVE-2025-55182-66478
This repository contains a comprehensive toolkit for exploiting CVE-2025-55182 and CVE-2025-66478, which are critical RCE vulnerabilities in React Server Components and Next.js. It includes functional exploit code, scanners, and a Burp Suite extension for detection and exploitation.
Classification
Working Poc 95%
Target:
React Server Components (19.0.0, 19.1.0, 19.1.1, 19.2.0), Next.js (15.x, 16.x with App Router)
No auth needed
Prerequisites:
Vulnerable React/Next.js application · Network access to the target
github
SCANNER
11 stars
by BankkRoll · javascript · poc
https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js
This repository contains a browser-based scanner for detecting CVE-2025-55182 (React RSC RCE) and CVE-2025-66478 (Next.js RSC RCE) in GitHub repositories. It checks package versions against known vulnerable ranges and provides a detailed report.
Classification
Scanner 95%
Target:
React (19.0.0-19.2.0), Next.js (14.3 canary, 15.x, 16.x)
No auth needed
Prerequisites:
Access to GitHub repositories (public or private with PAT)
nomisec
SCANNER
11 stars
by abtonc · poc
https://github.com/abtonc/next-cve-2025-66478
This repository contains a scanner script to detect Next.js projects vulnerable to CVE-2025-66478 by checking version numbers in various lock files. It does not exploit the vulnerability but identifies affected versions.
Classification
Scanner 95%
Target:
Next.js versions 15.x (excluding patched versions) and 16.x (excluding 16.0.7)
No auth needed
Prerequisites:
Access to the target directory containing Next.js projects
github
WORKING POC
10 stars
by shyambhanushali · python · poc
https://github.com/shyambhanushali/React2Shell
This repository contains a functional Python-based exploit for CVE-2025-66478, targeting Next.js applications using React Server Components (RSC). The exploit leverages deserialization flaws to achieve remote code execution (RCE) by crafting malicious payloads sent via HTTP requests.
Classification
Working Poc 95%
Target:
Next.js with React Server Components
No auth needed
Prerequisites:
Target application must be running Next.js with vulnerable RSC implementation · Network access to the target URL
github
SCANNER
9 stars
by shamo0 · poc
https://github.com/shamo0/react2shell-PoC
This repository contains a Nuclei template designed to detect CVE-2025-55182 and CVE-2025-66478, which are vulnerabilities in React Server Components and Next.js allowing unauthenticated Remote Code Execution (RCE) through insecure deserialization. The template sends a crafted HTTP request and checks for specific error responses to identify vulnerable systems.
Classification
Scanner 90%
Target:
React Server Components, Next.js
No auth needed
Prerequisites:
Access to the target server · Target must be running a vulnerable version of React Server Components or Next.js
github
SCANNER
7 stars
by heiheishushu · python · poc
https://github.com/heiheishushu/rsc_detect_CVE-2025-55182
This repository contains a Python script designed to detect whether a website uses React Server Components (RSC) or Next.js by checking for specific HTML markers, content types, and headers. It does not exploit any vulnerability but scans for features related to CVE-2025-55182 and CVE-2025-66478.
Classification
Scanner 95%
Target:
React Server Components (RSC) and Next.js
No auth needed
Prerequisites:
Network access to the target website
nomisec
SCANNER
5 stars
by abdozkaya · poc
https://github.com/abdozkaya/rsc-security-auditor
This repository is a Next.js-based security scanner for detecting vulnerabilities in React Server Components (RSC) by analyzing package.json files. It checks for specific CVEs (e.g., CVE-2025-66478) and provides remediation guidance.
Classification
Scanner 100%
Target:
Next.js and React Server Components (versions specified in vulnerability-db.ts)
No auth needed
Prerequisites:
Access to a package.json file or GitHub repository URL
github
SCANNER
5 stars
by Security-Phoenix-demo · python · poc
https://github.com/Security-Phoenix-demo/react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478
The repository contains a scanner for detecting CVE-2025-66478, a critical RCE vulnerability in React Server Components (RSC) and related frameworks. It includes detailed documentation, version ranges, and detection logic but no functional exploit code.
Classification
Scanner 95%
Target:
React Server Components (RSC) and frameworks like Next.js, React Router, Waku (versions 19.0.0-19.2.0)
No auth needed
Prerequisites:
Vulnerable React/RSC stack (19.0.0-19.2.0) · Network access to target server
github
WORKING POC
5 stars
by pax-k · shell · poc
https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script
This repository contains a functional exploit script for CVE-2025-55182, a critical pre-authentication RCE vulnerability in React Server Components (RSC) Flight protocol. The exploit leverages insecure deserialization to achieve prototype pollution and arbitrary command execution.
Classification
Working Poc 95%
Target:
React Server Components (RSC) in Next.js and other frameworks using affected React packages (19.0.0-19.2.0)
No auth needed
Prerequisites:
Vulnerable React Server Components implementation · Network access to target
github
SCANNER
5 stars
by nehkark · python · poc
https://github.com/nehkark/CVE-2025-55182
This repository contains a passive scanner for detecting Next.js applications vulnerable to React2Shell-style attacks (CVE-2025-55182). It fingerprints Next.js and React Server Components (RSC) and sends a benign React Flight payload to check for vulnerability without executing OS commands.
Classification
Scanner 95%
Target:
Next.js with React Server Components
No auth needed
Prerequisites:
Target URL with Next.js application
github
SCANNER
5 stars
by ZihxS · javascript · poc
https://github.com/ZihxS/check-react-rce-cve-2025-55182
This repository contains a scanner tool designed to detect vulnerable versions of React and Next.js packages affected by CVE-2025-55182 and CVE-2025-66478. It analyzes project dependencies and codebase structure but does not include exploit code.
Classification
Scanner 95%
Target:
React (19.0.0 < 19.0.1), Next.js (v15.0.x < 15.0.5)
No auth needed
Prerequisites:
Node.js 16+ · Access to project directory
github
WORKING POC
4 stars
by ctkqiang · go · poc
https://github.com/ctkqiang/CVE-Exploits/tree/main/CVE-2025-66478
This repository contains functional exploit code for CVE-2023-21980 (MySQL client library hijacking via UTF-16 path traversal) and CVE-2025-14847 (MongoDB zLib memory leak). The MySQL exploit demonstrates RCE by loading a malicious shared library, while the MongoDB exploit leaks heap memory via crafted OP_COMPRESSED packets.
Classification
Working Poc 95%
Attack Type
RCE, Info Leak
Target:
MySQL client (pre-8.0.33), MongoDB (multiple versions)
No auth needed
Prerequisites:
gcc for compilation · network access to target · MySQL client with vulnerable version · MongoDB with zlib compression enabled
nomisec
WORKING POC
4 stars
by wangxso · poc
https://github.com/wangxso/CVE-2025-66478-POC
This repository contains a functional proof-of-concept exploit for CVE-2025-66478, a critical RCE vulnerability in Next.js applications using React Server Components (RSC) due to insecure deserialization. The exploit includes a script to generate malicious payloads and a Docker environment for safe testing.
Classification
Working Poc 95%
Target:
Next.js 15.x, 16.x, and 14.3.0-canary.77+
No auth needed
Prerequisites:
Target must use Next.js with App Router and RSC · Network access to the target server
github
WORKING POC
3 stars
by chrahman · shell · poc
https://github.com/chrahman/react2shell-CVE-2025-55182-full-rce-script
This repository contains a functional exploit script for CVE-2025-55182, a critical RCE vulnerability in React Server Components (RSC) Flight protocol due to insecure deserialization. The script demonstrates prototype pollution leading to arbitrary command execution via crafted HTTP POST requests.
Classification
Working Poc 95%
Target:
React Server Components (RSC) in Next.js and other frameworks using react-server-dom-webpack/parcel/turbopack versions 19.0.0-19.2.0
No auth needed
Prerequisites:
Vulnerable React Server Components implementation · Network access to target server
github
WRITEUP
3 stars
by TheStingR · shell · poc
https://github.com/TheStingR/ReactOOPS-WriteUp
This repository provides a detailed technical writeup and educational materials for CVE-2025-55182 and CVE-2025-66478, focusing on a critical unauthenticated RCE vulnerability in React Server Components and Next.js App Router. It includes exploit scripts derived from the react2shell framework and emphasizes proper attribution to the original author, freeqaz.
Classification
Writeup 95%
Target:
Next.js 16.0.6 with React 19
No auth needed
Prerequisites:
Vulnerable Next.js application · Network access to the target
github
SCANNER
3 stars
by anuththara2007-W · javascript · poc
https://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extension
This repository contains a Chrome extension designed to detect React Server Components (RSC) and Next.js App Router fingerprints through passive and active fingerprinting techniques. It does not exploit CVE-2025-66478 but instead scans for indicators of RSC usage.
Classification
Scanner 90%
Target:
React Server Components (RSC) and Next.js App Router
No auth needed
Prerequisites:
Chrome browser · access to target web pages
nomisec
WORKING POC
3 stars
by strainxx · poc
https://github.com/strainxx/react2shell-honeypot
This repository contains a honeypot designed to detect and log exploitation attempts targeting the React2Shell vulnerability (CVE-2025-66478). It mimics a vulnerable server by responding to specific patterns in POST requests and logging payloads from attackers.
Classification
Working Poc 90%
Target:
React-based applications vulnerable to React2Shell
No auth needed
Prerequisites:
Network access to the honeypot server · Knowledge of React2Shell exploitation patterns
github
WORKING POC
2 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-66478
This repository contains a functional Go-based exploit for CVE-2025-66478, targeting a Next.js vulnerability. The exploit establishes a connection to the target, extracts an action ID, and executes arbitrary commands via a crafted payload involving prototype pollution and server-side JavaScript injection.
Classification
Working Poc 95%
Target:
Next.js (specific version not specified)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Next.js · Network access to the target
github
SUSPICIOUS
2 stars
by rix4uni · shell · poc
https://github.com/rix4uni/CVE-2025-55182
The repository claims to detect and exploit CVE-2025-55182 and CVE-2025-66478 but provides no actual exploit code, instead directing users to download external scripts via wget. The README is vague and lacks technical details about the vulnerabilities.
Classification
Suspicious 90%
Target:
Next.js applications with React Server Components
No auth needed
Prerequisites:
none specified
github
WORKING POC
2 stars
by RavinduRathnayaka · python · poc
https://github.com/RavinduRathnayaka/CVE-2025-55182-PoC
This repository contains a functional Python-based exploit for CVE-2025-66478, targeting a Next.js RCE vulnerability via prototype pollution in Server Components. The exploit crafts a malicious multipart/form-data payload to execute arbitrary commands on the server.
Classification
Working Poc 95%
Target:
Next.js (specific versions using React Server Components)
No auth needed
Prerequisites:
Python 3.x · requests library · vulnerable Next.js application
github
WORKING POC
2 stars
by C00LN3T · python · poc
https://github.com/C00LN3T/React2Shell
The repository contains a Python-based toolkit designed to scan and exploit React/Spring/GraphQL stacks, specifically targeting CVE-2025-55182 and CVE-2025-66478. It includes payloads for command execution via GraphQL and SpEL injection, with features for WAF evasion and endpoint discovery.
Classification
Working Poc 95%
Target:
React/Spring/GraphQL stacks
No auth needed
Prerequisites:
Access to target endpoints · Python 3.8+ environment
nomisec
WRITEUP
2 stars
by ExpTechTW · poc
https://github.com/ExpTechTW/CVE-2025-66478
This repository documents real-world attack logs and malware samples targeting CVE-2025-66478, a Next.js Server Actions RCE vulnerability. It includes analysis of attack patterns, payloads, and mitigation strategies.
Classification
Writeup 95%
Target:
Next.js 15.1.2
No auth needed
Prerequisites:
Exposed Next.js application with vulnerable Server Actions
github
WORKING POC
2 stars
by onlylovetx · python · poc
https://github.com/onlylovetx/CVE-2025-55182-CVE-2025-66478-Exploit-GUI
This repository contains a functional exploit for CVE-2025-66478, targeting a prototype pollution vulnerability in a Node.js-based web application. The exploit includes both safe checks and RCE payloads, with support for WAF bypass techniques and custom command execution.
Classification
Working Poc 95%
Target:
Node.js web applications (specific framework not explicitly stated)
No auth needed
Prerequisites:
Target application must be vulnerable to prototype pollution · Network access to the target
gitlab
SUSPICIOUS
1 star
by letchupkt · poc
https://gitlab.com/letchupkt/react2shell
The repository claims to provide an exploit for CVE-2025-66478 but contains obfuscated code with no visible technical details about the vulnerability. The README focuses on features like 'integrity verification' and 'obfuscation' rather than explaining the exploit mechanics.
Classification
Suspicious 90%
Target:
React/Next.js (unspecified version)
No auth needed
Prerequisites:
Python 3 · requests · urllib3
nomisec
SUSPICIOUS
1 star
by imad457 · poc
https://github.com/imad457/NextJS-RCE-Root-Takeover
The repository claims to provide an RCE exploit for Next.js 16.0.6 but only contains a README with a link to an external PDF report. No actual exploit code or technical details are present.
Classification
Suspicious 90%
Target:
Next.js 16.0.6
No auth needed
nomisec
WORKING POC
1 star
by khadafigans · poc
https://github.com/khadafigans/React2Shell
This repository contains a Python-based exploit toolkit for CVE-2025-66478, targeting Next.js React Server Components (RSC) prototype pollution combined with a React.lazy gadget chain to achieve remote code execution (RCE). The toolkit includes detection, exploitation, and post-exploitation features such as interactive shell access, file upload, and data exfiltration.
Classification
Working Poc 95%
Target:
Next.js (React Server Components)
No auth needed
Prerequisites:
Vulnerable Next.js application with exposed RSC endpoint · Network access to the target application · Python 3.x with aiohttp library installed
github
WORKING POC
1 star
by ProwlSec · python · poc
https://github.com/ProwlSec/React2Shell
The repository contains a functional exploit for CVE-2025-66478, targeting Next.js applications with React Server Components (RSC) vulnerabilities. The exploit leverages crafted multipart/form-data requests to achieve remote code execution (RCE) via prototype pollution and command injection techniques.
Classification
Working Poc 95%
Target:
Next.js applications with React Server Components
No auth needed
Prerequisites:
Target must be running a vulnerable version of Next.js with RSC enabled · Network access to the target application
github
SCANNER
1 star
by mounta11n · shell · poc
https://github.com/mounta11n/CHECK-CVE-2025-55182-AND-CVE-2025-66478
This repository contains a Bash script that detects the presence of RSC/Next.js RCE vulnerabilities (CVE-2025-55182 and CVE-2025-66478) by sending a crafted HTTP request and checking for specific response signatures (HTTP 500 + digest). It does not exploit the vulnerability but scans for it.
Classification
Scanner 95%
Target:
Next.js with React Server Components (RSC)
No auth needed
Prerequisites:
Target server running vulnerable Next.js version · Network access to the target server
github
WORKING POC
1 star
by gagaltotal · python · poc
https://github.com/gagaltotal/tot-react-rce-CVE-2025-55182
This repository contains a functional exploit for CVE-2025-55182, targeting a React/Next.js RCE vulnerability. The exploit uses a crafted multipart/form-data request with a base64-encoded payload to achieve remote code execution.
Classification
Working Poc 90%
Target:
React/Next.js (specific version not specified)
No auth needed
Prerequisites:
Target URL with vulnerable React/Next.js application
github
SCANNER
1 star
by imbas007 · python · poc
https://github.com/imbas007/POC-CVE-2025-55182/tree/main/CVE-2025-66478.yaml
This YAML file is a Nuclei template designed to detect CVE-2025-55182 and CVE-2025-66478, a Remote Code Execution vulnerability in Next.js applications using React Server Components. It sends a crafted multipart/form-data request to trigger the vulnerability and checks for a specific redirect response to confirm exploitation.
Classification
Scanner 90%
Target:
Next.js applications using React Server Components
No auth needed
Prerequisites:
Next.js application with React Server Components enabled
github
SCANNER
1 star
by arashiyans · python · poc
https://github.com/arashiyans/CVE-2025-55182-CVE-2025-66478
The repository contains a Python-based scanner for detecting CVE-2025-55182 and CVE-2025-66478, which are vulnerabilities in React Server Components (RSC) and Next.js. The scanner checks for the presence of the vulnerability by sending crafted multipart form data payloads and analyzing responses, but it does not include a full exploit for remote code execution.
Classification
Scanner 95%
Target:
React Server Components (RSC) / Next.js
No auth needed
Prerequisites:
Target must be running a vulnerable version of Next.js or React Server Components · Network access to the target application
nomisec
WORKING POC
1 star
by namest504 · poc
https://github.com/namest504/CVE-2025-66478-Exploit-Poc
This repository contains a functional Proof of Concept (PoC) for CVE-2025-66478, a critical Remote Code Execution (RCE) vulnerability in Next.js. The exploit leverages insecure deserialization and prototype pollution in the React Server Components (RSC) Flight protocol to achieve arbitrary command execution on the server.
Classification
Working Poc 95%
Target:
Next.js (versions 15.x, 16.x, and 14.3.0-canary.77 and later)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Next.js with App Router · Network access to the target server
github
WORKING POC
1 star
by songsanggggg · poc
https://github.com/songsanggggg/CVE-2025-55182
This repository contains a functional proof-of-concept exploit for CVE-2025-55182, demonstrating a remote code execution (RCE) vulnerability in React Server Components. The exploit leverages the `__webpack_require__` function to load arbitrary modules, including `child_process`, to achieve command execution.
Classification
Working Poc 95%
Target:
React Server Components (React Server DOM Webpack)
No auth needed
Prerequisites:
Access to a vulnerable React Server Components endpoint · Ability to send crafted HTTP requests
gitlab
SCANNER
by caovanthanh203 · poc
https://gitlab.com/caovanthanh203/react2shell-scanner-docker
This repository contains a scanner tool for detecting CVE-2025-55182 and CVE-2025-66478 in Next.js applications using React Server Components. It sends crafted multipart POST requests to test for RCE vulnerabilities and includes features like WAF bypass and safe-check mode.
Classification
Scanner 95%
Target:
Next.js applications using React Server Components
No auth needed
Prerequisites:
Target application must be running a vulnerable version of Next.js with React Server Components
nomisec
SCANNER
by Saied25 · poc
https://github.com/Saied25/fix-react2shell-next
This repository contains a vulnerability scanner tool designed to detect and fix CVE-2025-66478 in Next.js or React RSC applications. It analyzes package.json files for vulnerable dependencies and provides remediation guidance.
Classification
Scanner 90%
Target:
Next.js/React RSC applications with vulnerable dependencies
No auth needed
Prerequisites:
Access to the target project's package.json file · Node.js environment to run the scanner
github
WORKING POC
by wnaspy · python · poc
https://github.com/wnaspy/CVE-2025-55182
This repository contains a functional exploit for CVE-2025-55182 and CVE-2025-66478, targeting a prototype pollution vulnerability in a Next.js application to achieve remote code execution (RCE). The exploit crafts a malicious payload to manipulate the `__proto__` chain and execute arbitrary commands via Node.js's `child_process` module.
Classification
Working Poc 95%
Target:
Next.js (specific version not specified)
No auth needed
Prerequisites:
Target application running Next.js with vulnerable dependencies · Network access to the target application
github
WORKING POC
by jensnesten · python · poc
https://github.com/jensnesten/React2Shell-PoC
This repository contains a functional exploit for CVE-2025-66478, targeting a deserialization vulnerability in React Server Components (RSC) and Next.js applications. The exploit leverages unsafe deserialization in server action handlers to achieve remote code execution via crafted multipart form-data payloads.
Classification
Working Poc 95%
Target:
Next.js and React Server Components (RSC)
No auth needed
Prerequisites:
Vulnerable Next.js/RSC instance · Network access to the target server
nomisec
SCANNER
by NAYLINNU · poc
https://github.com/NAYLINNU/CVE-2025-66478
This YAML file is a Nuclei template designed to detect CVE-2025-66478, a prototype pollution vulnerability in Next.js App Router/React Server Components. It sends a crafted multipart request with a malicious payload and checks for specific error responses indicating the presence of the vulnerability.
Classification
Scanner 90%
Attack Type
Deserialization
Target:
Next.js App Router/React Server Components
No auth needed
Prerequisites:
Access to the target Next.js application
github
SCANNER
by Mustafa1p · python · poc
https://github.com/Mustafa1p/Next.js-RCE-Scanner---CVE-2025-55182-CVE-2025-66478
This repository contains a scanner for detecting CVE-2025-55182 and CVE-2025-66478, which are critical RCE vulnerabilities in Next.js applications using React Server Components. The tool performs triple-layer detection (RCE, Safe, and Vercel WAF bypass payloads) and provides comprehensive reporting.
Classification
Scanner 95%
Target:
Next.js applications with Server Actions enabled
No auth needed
Prerequisites:
Next.js application with React Server Components enabled · Access to RSC endpoints
nomisec
WORKING POC
by zhixiangyao · poc
https://github.com/zhixiangyao/CVE-2025-66478-Exploit-PoC
This repository contains a proof-of-concept exploit for CVE-2025-66478, a critical RCE vulnerability in Next.js due to insecure deserialization and prototype pollution in the RSC Flight protocol. The exploit leverages a crafted payload to achieve arbitrary command execution on affected Next.js servers.
Classification
Working Poc 95%
Target:
Next.js 15.x, 16.x, and 14.3.0-canary.77+
No auth needed
Prerequisites:
Node.js v24+ · Next.js application with App Router
nomisec
WORKING POC
by viperh · poc
https://github.com/viperh/poc-cve-next
This is a Go-based proof-of-concept exploit for CVE-2025-66478, targeting a Next.js vulnerability. It achieves remote code execution (RCE) by injecting a malicious payload into a Next.js server-side action, leveraging prototype pollution and server-side request forgery (SSRF) techniques.
Classification
Working Poc 95%
Target:
Next.js (version not specified)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Next.js · Server-side actions must be enabled
nomisec
WORKING POC
by Code42Cate · poc
https://github.com/Code42Cate/nexts-cve-2025-66478-exploit
This repository contains a working proof-of-concept exploit for CVE-2025-66478, targeting a Next.js application. The exploit leverages a prototype pollution or deserialization vulnerability to achieve remote code execution (RCE) via crafted form data submissions.
Classification
Working Poc 95%
Target:
Next.js (version not specified, likely a vulnerable configuration)
No auth needed
Prerequisites:
Access to the target Next.js application · Vulnerable endpoint exposed
nomisec
SCANNER
by changgun-lee · poc
https://github.com/changgun-lee/Next.js-RSC-RCE-Scanner-CVE-2025-66478
This repository contains a scanner for detecting vulnerable Next.js versions affected by CVE-2025-66478, an RCE vulnerability in React Server Components (RSC). The scanner checks the version of Next.js running on a target website and determines if it is vulnerable based on predefined version ranges.
Classification
Scanner 95%
Target:
Next.js (specific versions listed in README)
No auth needed
Prerequisites:
Target URL must be accessible · Playwright and Chromium must be installed
github
WRITEUP
by react2shell-repo-menagerie · typescript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-realworld-dub-pnpm-monorepo
The repository appears to be a legitimate writeup or analysis of CVE-2025-66478, containing detailed code and documentation related to the vulnerability. It includes multiple files, primarily in TypeScript, suggesting a technical deep dive into the affected software.
Classification
Writeup 90%
Target:
Dub Technologies software (specific version unclear)
No auth needed
Prerequisites:
Access to the affected software
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-yarn-workspaces
The repository contains a vulnerable monorepo setup with Next.js and Yarn workspaces but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing vulnerability detection in Yarn workspaces.
Target:
Next.js 15.1.0, React 19.0.0, React DOM 19.0.0
No auth needed
Prerequisites:
Yarn workspaces setup · Next.js and React dependencies
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-turborepo
This repository contains a vulnerable monorepo setup with Next.js and Turborepo but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing vulnerability scanners rather than demonstrating an exploit.
Target:
Next.js 15.1.0, React 19.0.0, Turborepo
No auth needed
Prerequisites:
Vulnerable versions of Next.js and React in a Turborepo monorepo
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-pnpm-symlinks
This repository provides a detailed technical analysis of CVE-2025-66478, focusing on the vulnerability's impact on React/Next.js packages within a pnpm monorepo environment. It includes a test setup to demonstrate the vulnerability and highlights challenges for vulnerability scanners in handling pnpm symlinks.
Classification
Writeup 90%
Target:
React/Next.js packages (Next.js 15.1.0, React 19.0.0)
No auth needed
Prerequisites:
pnpm monorepo setup · vulnerable versions of React/Next.js packages
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-npm-hoisting
This repository demonstrates a monorepo hoisting issue where a workspace package.json shows a fixed version of a dependency (Next.js 15.1.9) but the root node_modules contains a vulnerable hoisted version (15.1.0). It highlights a fix failure scenario where security tools may incorrectly trust package.json without verifying actual installed versions.
Classification
Writeup 95%
Target:
npm workspaces with hoisting (Next.js 15.1.0)
No auth needed
Prerequisites:
Monorepo setup with npm workspaces · Hoisting enabled · Partial fix applied to package.json without root-level install
github
SCANNER
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-pnpm-overrides
This repository is a test case designed to verify whether vulnerability scanners properly detect CVE-2025-66478 by checking the `pnpm.overrides` field, which pins a vulnerable version of Next.js (15.1.0) despite the `dependencies` field listing a safe version (15.1.9).
Classification
Scanner 90%
Target:
Next.js 15.1.0
No auth needed
Prerequisites:
pnpm installation · Next.js project setup
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-pnpm-catalog
This repository demonstrates a vulnerability in pnpm's catalog protocol where scanners may fail to detect vulnerable versions of React/Next.js packages (CVE-2025-66478). It includes a test application and detailed explanation of how the catalog protocol can obscure version resolution.
Classification
Writeup 90%
Target:
pnpm with catalog protocol
No auth needed
Prerequisites:
pnpm project using catalog protocol · vulnerable versions of React/Next.js
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-yarn-zero-installs
This repository provides a detailed technical analysis of CVE-2025-66478, focusing on a vulnerable Next.js setup using Yarn Berry zero-installs. It explains the vulnerability scenario, scanner requirements, and expected behavior for detection and remediation.
Classification
Writeup 95%
Target:
Next.js 15.1.0 with Yarn Berry zero-installs
No auth needed
Prerequisites:
Next.js 15.1.0 installed via Yarn Berry zero-installs · Committed .yarn/cache/ directory
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-yarn-resolutions
This repository demonstrates a scanner gap test for CVE-2025-66478, highlighting how Yarn's 'resolutions' field can deceptively pin a vulnerable version of Next.js (15.1.0) despite the 'dependencies' field listing a safe version (15.1.9). It serves as a technical analysis of vulnerability detection challenges in dependency management.
Classification
Writeup 95%
Target:
Next.js 15.1.0 (via Yarn resolutions)
No auth needed
Prerequisites:
Yarn package manager · Next.js project with vulnerable resolution configuration
github
SCANNER
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-yarn-pnp
This repository is a test environment for detecting CVE-2025-66478 in a Next.js application using Yarn Berry PnP mode. It does not contain exploit code but provides a vulnerable setup to challenge vulnerability scanners.
Classification
Scanner 90%
Target:
Next.js 15.1.0, React 19.0.0, React-DOM 19.0.0
No auth needed
Prerequisites:
Yarn Berry with PnP mode enabled · Vulnerable versions of Next.js, React, and React-DOM
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-yarn-berry
This repository contains a basic Next.js application with vulnerable dependencies but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing vulnerability presence without demonstrating exploitation.
Target:
Next.js 15.1.0, React 19.0.0, ReactDOM 19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js, React, and ReactDOM installed
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-yarn
This repository contains a basic Next.js application with vulnerable dependencies but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing the vulnerability without demonstrating exploitation.
Target:
Next.js 15.1.0, React 19.0.0, React-DOM 19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js, React, and React-DOM installed
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-bun
This repository contains a basic Next.js application with Bun package manager, but lacks actual exploit code or technical details about CVE-2025-66478. It only provides a test environment with vulnerable dependencies.
Target:
Next.js 15.1.0, React 19.0.0, React-DOM 19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js, React, and React-DOM
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-v-prefix
This repository contains a minimal Next.js application with vulnerable package versions listed but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing version parsing with 'v' prefixes.
Target:
Next.js v15.1.0, React v19.0.0, ReactDOM v19.0.0
No auth needed
Prerequisites:
None
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-transitive
This repository contains a minimal Next.js application with vulnerable dependencies but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing transitive dependency scenarios without demonstrating the vulnerability.
Target:
Next.js 15.1.0, React 19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js and React installed
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-tilde
This repository contains a minimal Next.js application with vulnerable package versions but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing the vulnerability without demonstrating exploitation.
Target:
Next.js ~15.1.0, React ~19.0.0, React-DOM ~19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js, React, and React-DOM installed
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-tag-latest
This repository provides a technical analysis and test application for CVE-2025-66478, focusing on the challenges of scanning npm tag-based dependencies for vulnerabilities. It includes a Next.js application demonstrating how 'latest' tags can lead to inconsistent vulnerability detection.
Classification
Writeup 90%
Target:
Next.js and React (npm tag-based dependencies)
No auth needed
Prerequisites:
npm environment · Next.js/React project with tag-based dependencies
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-shrinkwrap
This repository demonstrates a vulnerability in npm-shrinkwrap.json precedence over package-lock.json, leading to the installation of vulnerable versions of React/Next.js packages despite updates in package.json. It highlights a common blind spot in security tooling.
Classification
Writeup 90%
Target:
npm-shrinkwrap.json in Next.js/React projects
No auth needed
Prerequisites:
Presence of npm-shrinkwrap.json in the project · Vulnerable versions of React/Next.js packages
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-range
This repository contains a basic Next.js application with vulnerable package versions but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing vulnerability detection tools rather than demonstrating an exploit.
Target:
Next.js (>=15.0.0 <16.0.0), React (>=19.0.0 <20.0.0)
No auth needed
Prerequisites:
Vulnerable versions of Next.js and React installed
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-peer-conflict
This repository provides a detailed technical analysis of CVE-2025-66478, focusing on a peer dependency conflict scenario in Next.js and React. It includes a test case demonstrating how incompatible versions can break the installation process, along with expected behaviors for vulnerability detection and remediation.
Classification
Writeup 90%
Target:
Next.js 15.5.7 with React 17.0.2
No auth needed
Prerequisites:
Next.js and React installed with incompatible versions
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-patch-package
This repository contains a basic Next.js application with vulnerable dependencies (Next.js 15.1.0, React 19.0.0) but does not include actual exploit code or a proof-of-concept. It discusses the use of patch-package for local patching and scanner behavior but lacks functional exploit details.
Target:
Next.js 15.1.0, React 19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js and React installed
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-packagemanager-field
This repository documents a vulnerability in Next.js and React (CVE-2025-66478) related to mismatched package manager configurations, where the `packageManager` field in `package.json` does not align with the actual lockfile used. It provides a test application to demonstrate the issue and explains why this discrepancy occurs.
Classification
Writeup 90%
Target:
Next.js 15.1.0, React 19.0.0, ReactDOM 19.0.0
No auth needed
Prerequisites:
Presence of mismatched `packageManager` field and lockfile in a Next.js/React project
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-overrides
This repository demonstrates a vulnerability scanner gap test for CVE-2025-66478, focusing on how npm 'overrides' can force a vulnerable version of Next.js (15.1.0) despite transitive dependencies declaring a safe version (15.1.9). It highlights the importance of scanners checking the 'overrides' field to detect hidden vulnerabilities.
Classification
Writeup 95%
Target:
Next.js 15.1.0
No auth needed
Prerequisites:
npm project with 'overrides' field · transitive dependency declaring a safe version of Next.js
github
SCANNER
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-optional-deps
This repository is a test case designed to verify whether vulnerability scanners detect vulnerable packages listed in `optionalDependencies`. It includes a Next.js application with a vulnerable version of `next` (15.1.0) in `optionalDependencies` to highlight scanner gaps.
Classification
Scanner 90%
Target:
Next.js 15.1.0
No auth needed
Prerequisites:
A vulnerability scanner that checks `optionalDependencies`
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-no-lockfile
This repository contains a basic Next.js application with vulnerable dependencies listed but no actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing scenarios without demonstrating the vulnerability.
Target:
Next.js 15.1.0, React 19.0.0, ReactDOM 19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js/React installed
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-lockfile-mismatch
This repository demonstrates a vulnerability scenario related to CVE-2025-66478, focusing on a lockfile mismatch issue in Next.js/React applications. It highlights how a lockfile can pin a vulnerable version even after the package.json is updated, leading to a false sense of security.
Classification
Writeup 90%
Target:
Next.js 15.5.7, React 19.0.0, React-DOM 19.0.0
No auth needed
Prerequisites:
Next.js/React application with vulnerable dependencies · Lockfile pinning an older vulnerable version
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-git-dep
This repository is a technical analysis and test case for CVE-2025-66478, focusing on vulnerability scanner gaps in detecting transitive dependencies via Git URL dependencies in Next.js applications. It provides detailed documentation on the issue, expected scanner behavior, and test scenarios without containing actual exploit code.
Classification
Writeup 90%
Target:
Next.js applications with Git URL dependencies
No auth needed
Prerequisites:
Next.js application with Git URL dependencies · Vulnerability scanner
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-devdeps
This repository contains a basic Next.js application with vulnerable package versions listed but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing vulnerability detection tools.
Target:
Next.js 15.1.0, React 19.0.0, React DOM 19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js, React, and React DOM installed
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-caret
This repository contains a minimal Next.js application with vulnerable package versions but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing vulnerability detection rather than demonstrating exploitation.
Target:
Next.js 15.1.0, React 19.0.0, React-DOM 19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js, React, and React-DOM installed
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-canary-16x
This repository provides a detailed technical analysis of CVE-2025-66478, focusing on version-specific vulnerabilities in Next.js 16.x canary releases. It includes a test application to verify scanner accuracy for canary version patching.
Classification
Writeup 90%
Target:
Next.js 16.x canary versions (16.0.0-canary.10 and earlier)
No auth needed
Prerequisites:
Next.js 16.x canary environment
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-canary-15x
This repository contains a basic Next.js application with vulnerable package versions but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing the vulnerability without demonstrating exploitation.
Target:
Next.js 15.6.0-canary.50, React 19.0.0, React-DOM 19.0.0
No auth needed
Prerequisites:
Next.js 15.x canary environment
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-canary-14x
This repository provides a detailed analysis of CVE-2025-66478, focusing on a special case in Next.js 14.x canary versions where no forward-compatible patch exists. It includes version matrices, remediation options, and setup instructions for testing.
Classification
Writeup 90%
Target:
Next.js 14.3.0-canary.77+
No auth needed
Prerequisites:
Next.js 14.3.0-canary.77+ environment
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-build-metadata
This repository provides a detailed technical analysis of CVE-2025-66478, focusing on SemVer build metadata parsing vulnerabilities in React/Next.js. It includes a test application demonstrating how build metadata (e.g., +build.123) is incorrectly handled, leading to potential version comparison issues.
Classification
Writeup 90%
Target:
Next.js 15.1.0+build.123, React 19.0.0
No auth needed
Prerequisites:
Next.js/React application with vulnerable version parsing logic
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-alias
This repository contains a basic Next.js application with vulnerable package versions listed but lacks actual exploit code or technical details demonstrating CVE-2025-66478. It serves as a placeholder for testing vulnerability detection rather than a functional PoC.
Target:
Next.js 15.1.0, React 19.0.0, React-DOM 19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js, React, and React-DOM installed
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm
This repository contains a basic Next.js application with vulnerable dependencies but lacks actual exploit code or technical details about CVE-2025-66478. It serves as a placeholder for testing the vulnerability without demonstrating exploitation.
Target:
Next.js 15.1.0, React 19.0.0, React-DOM 19.0.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js, React, and React-DOM installed
github
WRITEUP
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-npm-nested-versions
This repository demonstrates a vulnerability in npm workspaces where security scanners using `--depth=0` miss nested vulnerable versions in workspace subdirectories. It highlights how a vulnerable Next.js version (15.1.0) can be overlooked while a safe version (15.5.7) is detected at the root level.
Classification
Writeup 95%
Target:
npm workspaces with nested node_modules
No auth needed
Prerequisites:
npm workspaces with nested dependencies · security scanners using shallow depth checks
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-rsc-webpack
The repository contains a minimal test case for CVE-2025-66478 but lacks functional exploit code. It includes a README with vulnerability details and a placeholder JavaScript file that does not demonstrate exploitation.
Target:
react-server-dom-webpack (versions 19.0.0, 19.1.0, 19.1.1, 19.2.0)
No auth needed
Prerequisites:
Vulnerable versions of react-server-dom-webpack installed
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-npm-workspaces
This repository contains a monorepo setup with Next.js and React but lacks actual exploit code or technical details about CVE-2025-66478. It only provides a basic test application structure without demonstrating the vulnerability.
Target:
React/Next.js (versions 19.0.0 and 15.1.0)
No auth needed
Prerequisites:
npm workspaces monorepo setup
github
STUB
by react2shell-repo-menagerie · javascript · poc
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-pnpm
This repository contains a monorepo setup with Next.js and React versions listed as vulnerable to CVE-2025-66478, but it lacks any actual exploit code or technical details about the vulnerability itself. It only provides a basic test application structure.
Target:
Next.js 15.1.0, React 19.0.0
No auth needed
Prerequisites:
None specified
github
SCANNER
by MoisesTapia · lua · poc
https://github.com/MoisesTapia/http-react2shell
This repository contains an Nmap NSE script for detecting CVE-2025-55182 and CVE-2025-66478 in React Server Components and Next.js applications. It uses a side-channel technique to identify vulnerable endpoints by analyzing server responses to malformed React Flight payloads.
Classification
Scanner 100%
Target:
React Server Components, Next.js
No auth needed
Prerequisites:
Nmap with NSE support · Network access to target
nomisec
WORKING POC
by Letalandroid · poc
https://github.com/Letalandroid/cve-2025-66478_rce_vulnerable
This repository contains a proof-of-concept for CVE-2025-66478, demonstrating a prototype pollution vulnerability in Next.js 16 that leads to remote code execution (RCE). The PoC includes a malicious multipart/form-data request that exploits the vulnerability to execute arbitrary commands via `child_process.execSync`.
Classification
Working Poc 95%
Target:
Next.js 16
No auth needed
Prerequisites:
A vulnerable Next.js 16 application running on the target server
nomisec
WORKING POC
by abhirajranjan · poc
https://github.com/abhirajranjan/cve-2025-66478
This repository provides a minimal intentionally vulnerable Next.js environment to test security scanners against CVE-2025-55182, a critical RCE vulnerability affecting React Server Components and Next.js. It includes a working exploit PoC that demonstrates command execution via a crafted HTTP POST request.
Classification
Working Poc 95%
Target:
Next.js 16.0.6, React 19.2.0, React-DOM 19.2.0
No auth needed
Prerequisites:
Vulnerable versions of Next.js, React, and React-DOM · Network access to the target application
github
WORKING POC
by lincemorado97 · python · poc
https://github.com/lincemorado97/CVE-2025-55182_CVE-2025-66478
The repository contains a functional Python exploit for CVE-2025-55182, targeting a deserialization vulnerability in React Server Components (Next.js 16.x / React 19.x). The exploit manipulates the Chunk object's `then` property and leverages the `RESOLVED_MODEL` status to achieve remote code execution via crafted Blob deserialization.
Classification
Working Poc 95%
Target:
Next.js 16.x / React 19.x (App Router)
No auth needed
Prerequisites:
Vulnerable Next.js/React application with App Router enabled · Network access to the target server
nomisec
WORKING POC
by Rhyru9 · poc
https://github.com/Rhyru9/CVE-2025-66478
This PoC demonstrates a prototype pollution vulnerability in Next.js leading to RCE via malicious form-data payloads. The exploit leverages JavaScript prototype manipulation to execute arbitrary commands through Node.js child_process.
Classification
Working Poc 95%
Target:
Next.js (version not specified)
No auth needed
Prerequisites:
Exposed Next.js server with vulnerable endpoint · Network access to target
nomisec
SCANNER
by Jibaru · poc
https://github.com/Jibaru/CVE-2025-66478-github-patcher
This repository contains a Go-based automation tool designed to scan GitHub repositories for vulnerable Next.js versions (CVE-2025-66478) and automatically create pull requests with security patches. It uses the GitHub CLI and SemVer logic to detect and fix vulnerable dependencies in package.json files.
Classification
Scanner 95%
Target:
Next.js versions 15.x and 16.x
Auth required
Prerequisites:
Go 1.20+ · Git with SSH configured · GitHub CLI authenticated
nomisec
WORKING POC
by aiexz · poc
https://github.com/aiexz/CVE-2025-66478-kinda-waf
This repository provides a proof-of-concept for CVE-2025-66478, which appears to target a vulnerability in Next.js applications. The PoC includes both a Python script and a JavaScript snippet designed to test and mitigate the vulnerability by injecting a WAF-like protection mechanism.
Classification
Working Poc 90%
Target:
Next.js (version not specified)
No auth needed
Prerequisites:
Access to the target Next.js application · Ability to send HTTP requests to the target
github
WORKING POC
by StillSoul · python · poc
https://github.com/StillSoul/CVE-2025-55182
This repository contains a functional Python-based exploit for CVE-2025-55182, a critical pre-authentication RCE vulnerability in React Server Components (RSC) due to unsafe deserialization in the Flight Protocol. The PoC leverages prototype pollution to achieve remote command execution via crafted multipart/form-data payloads.
Classification
Working Poc 95%
Target:
React Server Components (react-server-dom-*) versions 19.0.0-19.2.0, Next.js 15.x and 16.x (pre-16.0.7)
No auth needed
Prerequisites:
Target must be running vulnerable versions of React Server Components or Next.js · Network access to the target server
nomisec
SCANNER
by mattcbarrett · poc
https://github.com/mattcbarrett/check-cve-2025-66478
This repository contains a bash script that checks for the presence of CVE-2025-66478 in Next.js servers by sending a crafted HTTP request and analyzing the response for a specific vulnerability indicator.
Classification
Scanner 90%
Target:
Next.js server
No auth needed
Prerequisites:
Access to the target Next.js server URL
metasploit
WORKING POC
EXCELLENT
by Maksim Rogov · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/react2shell_unauth_rce_cve_2025_55182.rb
This Metasploit module exploits CVE-2025-55182, an unauthenticated RCE vulnerability in React Server Components (RSC) Flight protocol via prototype pollution during deserialization. It supports multiple frameworks (Next.js, Waku) and delivers payloads through crafted multipart requests.
Classification
Working Poc 100%
Target:
React Server Components (Next.js, Waku)
No auth needed
Prerequisites:
Target running vulnerable React Server Components (Next.js or Waku) · Network access to the target