What is CVE-2025-55182?

CVE-2025-55182 is a critical vulnerability in React Server Components where unsanitized deserialization of objects can lead to prototype pollution and Remote Code Execution (RCE) on the server.

How does React2Shell Auditor help?

It provides a client-side parser that recursively scans objects for forbidden prototype reference keys (like __proto__, constructor, and prototype) and insecure action handlers (such as _response, then, and mainModule).

React2Shell Security Auditor (CVE-2025-55182)

Protect Next.js Server Actions and RSC streams. Analyze payloads for recursive prototype pollution and deserialization bypasses directly in your browser.

CVE-2025-55182 Security Sandbox

RSC Post Payload

Vulnerability Audit Log

✨ Payload Appears Safe

Scanned: 0 lines

PASS

Enter a payload and click 'Scan & Audit Payload' to begin the security audit.

Engineering Guides

Master This Tool

Deep-dive guides and tutorials for advanced users.

Defeating CVE-2025-55182: A Local-First Guide to Auditing React Server Components

Audit CVE-2025-55182 with our local-first scanner. Perform a Next.js RCE exploit check securely in-browser. Zero server logs. Guaranteed privacy.

Read Guide

The Extension Sniffing Crisis: Why Developers are Moving to Local-First Tools

Browser extensions are silently sniffing development data. Learn why developers are moving to local-first, offline utilities like FmtDev Sovereign Suite.

Read Guide