loading
loading
Vulnerabilities
High-fidelity detection for the RSC/Next.js RCE flaws CVE-2025-55182 and CVE-2025-66478.
overview
react2shell-scanner checks whether a host is vulnerable to the React Server Components and Next.js remote-code-execution flaws tracked as CVE-2025-55182 and CVE-2025-66478. It is built for high fidelity: it confirms the condition rather than guessing from a version banner, so a hit is a real exposure worth acting on rather than a noisy maybe.
It runs against a single URL or a file of hosts, with concurrency and timeout controls for covering wide scopes. Quiet mode prints only vulnerable hosts, which keeps output clean when scanning thousands of targets, and verbose mode shows the response detail behind each finding when you want to verify it by hand. An insecure option skips TLS verification for hosts with bad certificates.
On Trickest it is a Vulnerabilities node that takes a URL or host list plus scan controls, and writes a file and a folder of results. Run it after a discovery and probing stage so the RCE check targets live Next.js hosts, and route confirmed findings straight into triage.
use cases
Scan a host list for CVE-2025-55182 and CVE-2025-66478 to find which Next.js deployments are exposed to remote code execution.
Enable quiet mode so a scan over thousands of hosts returns only the vulnerable ones, ready to feed triage without filtering noise.
Switch on verbose mode to see the response details behind each vulnerable host, confirming the detection before raising it.
Use insecure mode (-k) when live targets present self-signed or mismatched TLS certs that would otherwise abort the check.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | -u | Single URL to check. |
| list | FILE | -l | File of hosts to scan, one per line. |
| threads | STRING | -t | Concurrent threads (default 10). |
| timeout | STRING | --timeout | Request timeout in seconds (default 10). |
| quiet | BOOLEAN | -q | Output only vulnerable hosts. |
| verbose | BOOLEAN | -v | Show response details for vulnerable hosts. |
| insecure | BOOLEAN | -k | Disable SSL certificate verification. |
| all-results | BOOLEAN | --all-results | Save every host outcome, not only vulnerable hosts. |
Showing key inputs. react2shell-scanner exposes 9 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | -u | Single URL to check |
| list | FILE | -l | File containing hosts (one per line) |
| quiet | BOOLEAN | -q | Only output vulnerable hosts |
| threads | STRING | -t | Number of concurrent threads (default 10) |
| timeout | STRING | --timeout | Request timeout in seconds (default 10) |
| verbose | BOOLEAN | -v | Show response details for vulnerable hosts |
| insecure | BOOLEAN | -k | Disable SSL certificate verification |
| no-color | BOOLEAN | --no-color | Disable colored output |
| all-results | BOOLEAN | --all-results | Save all results, not just vulnerable hosts |
example
# quiet scan of live hosts for CVE-2025-55182 / CVE-2025-66478react2shell-scanner -l live-hosts.txt -q -t 20 --timeout 10 -k[*] react2shell-scanner CVE-2025-55182 / CVE-2025-66478[*] Loaded 4 hosts from live-hosts.txt[*] Checking https://app.example.com[*] Checking https://www.example.com[!] VULNERABLE: https://app.example.com (RSC RCE)[*] Checking https://api.example.com[*] Checking https://staging.example.com[*] Done: 1/4 vulnerableguidance
Use react2shell-scanner to confirm the RSC/Next.js RCE on hosts you have already discovered and probed. It is a targeted CVE check, not a discovery tool, so feed it live hosts from httpx. For broad template-driven scanning across many CVEs, use nuclei.
Template-driven scanner covering thousands of issues. react2shell-scanner is a focused, high-fidelity check for these two CVEs.
A single-vulnerability scanner for Log4Shell. Same focused-check pattern aimed at a different flaw.
Probes and classifies hosts. Run it first so the RCE check targets only live Next.js deployments.
faq
related
A Go script for bypassing 403 forbidden responses.
An open-source tool that automates detecting and exploiting command injection.
Detect and abuse vulnerable implementations of stateless sessions.
A Python tool to find Cross-Origin Resource Sharing misconfigurations.
A tool to find HTTP splitting vulnerabilities.
Multi-threaded, IPv6-aware username enumeration via CVE-2018-15473.
A host list is probed by httpx, then react2shell-scanner checks the live hosts for the Next.js RCE and writes the vulnerable hosts as output.
Facts on this page come from the live Trickest tool library.