Thank you for your interest in this project! This repository contains comprehensive documentation and educational materials for understanding and exploiting CVE-2025-55182 / CVE-2025-66478 (React2Shell RCE vulnerability).
This solution is built upon the excellent work of freeqaz and their react2shell project.
The exploit scripts, detection methods, and core exploitation techniques are derived from or directly utilize the react2shell framework.

When contributing to this project or using the materials:
- Always credit freeqaz for the original react2shell work
- Reference the original repository: https://github.com/freeqaz/react2shell
- Respect the original license of react2shell
- Link to the original project in any derivative works

- Author: freeqaz
- Repository: https://github.com/freeqaz/react2shell
- Description: Comprehensive exploitation framework for CVE-2025-55182 / CVE-2025-66478
- License: Check the react2shell repository for license details
If you'd like to contribute educational materials:
- Ensure the content is accurate and technically sound
- Include code examples with explanations
- Add references to official CVE documentation
- Maintain consistency with existing documentation style
- Properly attribute any sources
Found an error in the documentation or scripts?
- Open an issue describing the problem
- Include screenshots or error messages
- Provide steps to reproduce
- Suggest a fix if possible
To improve the exploit scripts or tools:
- Ensure your changes work with the original react2shell framework
- Add comments explaining your modifications
- Test on vulnerable systems (with proper authorization)
- Document any new features
- Credit freeqaz for the base implementation
If you spot typos or inaccuracies:
- Submit a pull request with corrections
- Explain why the change is needed
- Reference supporting documentation if applicable

- Use this knowledge responsibly and legally
- Only test on systems you own or have explicit permission to test
- Respect responsible disclosure practices
- Share knowledge to improve security, not for malicious purposes
- Always attribute original work appropriately
This repository is licensed under the MIT License. However, the exploitation techniques are derived from freeqaz's react2shell project. Please respect the licensing of all referenced materials.
These materials are for educational and authorized security testing purposes only. Unauthorized access to computer systems is illegal. Users are responsible for:
- Obtaining explicit written permission before testing any system
- Complying with all applicable laws and regulations
- Using these tools ethically and legally
- Understanding the legal implications in their jurisdiction
If you have questions about contributing, attribution, or usage:
- Check the main README.md
- Review react2shell documentation: https://github.com/freeqaz/react2shell
- Consult official CVE documentation
- Open an issue for discussion
Thank you for respecting proper attribution and using this knowledge responsibly!

- React2Shell Project: https://github.com/freeqaz/react2shell
- CVE-2025-55182: Official vulnerability details
- CVE-2025-66478: Related Next.js vulnerability
- Responsible Disclosure: https://www.eff.org/deeplinks/2021/01/legal-and-ethical-issues-web-security-research
Remember: Great security knowledge comes with great responsibility.