React Vulnerability CVE-2025-55182

Hi everyone,

I’m trying to understand if there is a reliable way to detect whether a system or application is vulnerable to CVE-2025-55182 (React2Shell / React Server Components RCE).

Is it possible to identify affected systems using automated scanners, dependency analysis, or network-based methods? Or is detection only feasible through code/build inspection and dependency/version checks?

Best regards

The OPENVAS ENTERPRISE FEED includes an active check for detecting CVE-2025-55182. There is also a Dockerized test environment along with a PoC you can use for a test lab, and many other PoCs you can test with.

Is there any way to get the Enterprise Feed for this vulnerability in OpenVAS CE?

You cannot use the OPENVAS ENTERPRISE FEED with any Community Edition product. There is a 14-day free trial for OPENVAS BASIC which includes the OPENVAS ENTERPRISE FEED.

There is a free tool for detecting CVE-2025-55182 without GVM: https://github.com/assetnote/react2shell-scanner

This topic was automatically closed after 90 days. New replies are no longer allowed.