├── .gitignore
├── README.md
├── TECHNICAL-ANALYSIS.md
├── VULNERABLE-PACKAGES.md
├── exploit-all-gadgets.js
├── exploit-obscure-gadgets.js
├── exploit-persistence.js
├── exploit-rce-v4.js
├── package.json
├── poc-pure
    ├── CVE-2025-55182-poc.cjs
    ├── analysis-summary.md
    ├── nextjs-realistic-poc.cjs
    ├── package-lock.json
    ├── package.json
    ├── readmne
    ├── server.js
    ├── test-chunk-timing.cjs
    ├── test-console-log-fn.cjs
    ├── test-data-uri-import.cjs
    ├── test-decodeAction-rce.cjs
    ├── test-decodeaction-flow.cjs
    ├── test-formdata-bypass.cjs
    ├── test-function-export.cjs
    ├── test-iterator-rce.cjs
    ├── test-lazy-rce.cjs
    ├── test-msanft-approach.cjs
    ├── test-native-fn-strings.cjs
    ├── test-outlined-model-rce.cjs
    ├── test-prefulfilled-chunk.cjs
    ├── test-proto-bind.cjs
    ├── test-proto-pollution.cjs
    ├── test-real-exploit.cjs
    ├── test-real.cjs
    ├── test-render-rce.cjs
    ├── test-thenable-args.cjs
    ├── test-wakechunk-gadget.cjs
    └── test-when-rce-triggers.cjs
├── src
    ├── App.js
    ├── actions.js
    ├── bind-attack-test.js
    ├── creative-exploit-test.js
    ├── exploit-v2.js
    ├── exploit-v3.js
    ├── gadget-hunter.js
    ├── http-exploit.js
    ├── id-parsing-attack.js
    ├── manifest-attack-test.js
    ├── one-access-rce.js
    ├── path-traversal-exploit.js
    ├── proto-test.js
    ├── real-exploit.js
    ├── realistic-bundle-test.js
    ├── revive-proto-test.js
    ├── server-realistic.js
    ├── server.js
    ├── template-engine-test.js
    └── test-realistic-exploit.js
├── test-chunked-bypass.cjs
├── test-chunked-v2.cjs
├── test-oversize.cjs
├── test-simple.cjs
└── webpack.config.js

/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules/
2 | dist/
3 | *.log
4 | .DS_Store
5 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/README.md
-------------------------------------------------------------------------------- /TECHNICAL-ANALYSIS.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/TECHNICAL-ANALYSIS.md -------------------------------------------------------------------------------- /VULNERABLE-PACKAGES.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/VULNERABLE-PACKAGES.md -------------------------------------------------------------------------------- /exploit-all-gadgets.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/exploit-all-gadgets.js -------------------------------------------------------------------------------- /exploit-obscure-gadgets.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/exploit-obscure-gadgets.js -------------------------------------------------------------------------------- /exploit-persistence.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/exploit-persistence.js -------------------------------------------------------------------------------- /exploit-rce-v4.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/exploit-rce-v4.js -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/package.json 
-------------------------------------------------------------------------------- /poc-pure/CVE-2025-55182-poc.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/CVE-2025-55182-poc.cjs -------------------------------------------------------------------------------- /poc-pure/analysis-summary.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/analysis-summary.md -------------------------------------------------------------------------------- /poc-pure/nextjs-realistic-poc.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/nextjs-realistic-poc.cjs -------------------------------------------------------------------------------- /poc-pure/package-lock.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/package-lock.json -------------------------------------------------------------------------------- /poc-pure/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/package.json -------------------------------------------------------------------------------- /poc-pure/readmne: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/readmne -------------------------------------------------------------------------------- /poc-pure/server.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/server.js 
-------------------------------------------------------------------------------- /poc-pure/test-chunk-timing.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-chunk-timing.cjs -------------------------------------------------------------------------------- /poc-pure/test-console-log-fn.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-console-log-fn.cjs -------------------------------------------------------------------------------- /poc-pure/test-data-uri-import.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-data-uri-import.cjs -------------------------------------------------------------------------------- /poc-pure/test-decodeAction-rce.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-decodeAction-rce.cjs -------------------------------------------------------------------------------- /poc-pure/test-decodeaction-flow.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-decodeaction-flow.cjs -------------------------------------------------------------------------------- /poc-pure/test-formdata-bypass.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-formdata-bypass.cjs -------------------------------------------------------------------------------- /poc-pure/test-function-export.cjs: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-function-export.cjs -------------------------------------------------------------------------------- /poc-pure/test-iterator-rce.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-iterator-rce.cjs -------------------------------------------------------------------------------- /poc-pure/test-lazy-rce.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-lazy-rce.cjs -------------------------------------------------------------------------------- /poc-pure/test-msanft-approach.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-msanft-approach.cjs -------------------------------------------------------------------------------- /poc-pure/test-native-fn-strings.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-native-fn-strings.cjs -------------------------------------------------------------------------------- /poc-pure/test-outlined-model-rce.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-outlined-model-rce.cjs -------------------------------------------------------------------------------- /poc-pure/test-prefulfilled-chunk.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-prefulfilled-chunk.cjs 
-------------------------------------------------------------------------------- /poc-pure/test-proto-bind.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-proto-bind.cjs -------------------------------------------------------------------------------- /poc-pure/test-proto-pollution.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-proto-pollution.cjs -------------------------------------------------------------------------------- /poc-pure/test-real-exploit.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-real-exploit.cjs -------------------------------------------------------------------------------- /poc-pure/test-real.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-real.cjs -------------------------------------------------------------------------------- /poc-pure/test-render-rce.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-render-rce.cjs -------------------------------------------------------------------------------- /poc-pure/test-thenable-args.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-thenable-args.cjs -------------------------------------------------------------------------------- /poc-pure/test-wakechunk-gadget.cjs: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-wakechunk-gadget.cjs -------------------------------------------------------------------------------- /poc-pure/test-when-rce-triggers.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/poc-pure/test-when-rce-triggers.cjs -------------------------------------------------------------------------------- /src/App.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/App.js -------------------------------------------------------------------------------- /src/actions.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/actions.js -------------------------------------------------------------------------------- /src/bind-attack-test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/bind-attack-test.js -------------------------------------------------------------------------------- /src/creative-exploit-test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/creative-exploit-test.js -------------------------------------------------------------------------------- /src/exploit-v2.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/exploit-v2.js -------------------------------------------------------------------------------- /src/exploit-v3.js: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/exploit-v3.js -------------------------------------------------------------------------------- /src/gadget-hunter.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/gadget-hunter.js -------------------------------------------------------------------------------- /src/http-exploit.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/http-exploit.js -------------------------------------------------------------------------------- /src/id-parsing-attack.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/id-parsing-attack.js -------------------------------------------------------------------------------- /src/manifest-attack-test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/manifest-attack-test.js -------------------------------------------------------------------------------- /src/one-access-rce.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/one-access-rce.js -------------------------------------------------------------------------------- /src/path-traversal-exploit.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/path-traversal-exploit.js -------------------------------------------------------------------------------- /src/proto-test.js: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/proto-test.js -------------------------------------------------------------------------------- /src/real-exploit.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/real-exploit.js -------------------------------------------------------------------------------- /src/realistic-bundle-test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/realistic-bundle-test.js -------------------------------------------------------------------------------- /src/revive-proto-test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/revive-proto-test.js -------------------------------------------------------------------------------- /src/server-realistic.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/server-realistic.js -------------------------------------------------------------------------------- /src/server.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/server.js -------------------------------------------------------------------------------- /src/template-engine-test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/template-engine-test.js -------------------------------------------------------------------------------- /src/test-realistic-exploit.js: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/src/test-realistic-exploit.js -------------------------------------------------------------------------------- /test-chunked-bypass.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/test-chunked-bypass.cjs -------------------------------------------------------------------------------- /test-chunked-v2.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/test-chunked-v2.cjs -------------------------------------------------------------------------------- /test-oversize.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/test-oversize.cjs -------------------------------------------------------------------------------- /test-simple.cjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/test-simple.cjs -------------------------------------------------------------------------------- /webpack.config.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ejpir/CVE-2025-55182-research/HEAD/webpack.config.js --------------------------------------------------------------------------------