
React2Shell (CVE-2025-55182) – An intentionally vulnerable Next.js application created for educational and research purposes.


React2Shell — Vulnerable Lab (CVE-2025-55182)

React2Shell is an intentionally vulnerable React.js application provided for education and research related to CVE-2025-55182. It contains deliberately insecure code and must not be used in production.

The project is packaged and run using Docker, making it easy to spin up a lab environment for learning, research, and security testing.

Blog link: https://arulkumar.in/posts/react2shell-cve-2025-55182-docker-vulnerable-lab/


⚠️ Important — Responsible Use

  • Run this lab only in isolated environments you control (local VM, disposable container).
  • Do NOT test or exploit systems you do not own or lack explicit written permission to assess.
  • The author is not liable for misuse or damage. Use responsibly.

🐳 Build & Run (Docker)

Clone the Repository:

git clone https://github.com/subzer0x0/React2Shell.git
cd React2Shell

Build the Docker image:

docker build -t react2shell:latest .

Run the container (binds port 3000):

docker run --rm -p 3000:3000 react2shell:latest

Access the application: http://localhost:3000


📦 Pull Prebuilt Image (Docker Hub)

Pull the published image:

docker pull arulkumarv/react2shell:v1

Run the pulled image:

docker run --rm -p 3000:3000 arulkumarv/react2shell:v1
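
By default, `-p 3000:3000` publishes the port on every host interface. As an added example (not part of the original README or the project's own code), the script below starts the lab published on loopback only and verifies the binding with `docker port`. The container name `react2shell-lab`, the capability and privilege flags, and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: run the lab published on loopback only, then verify it.
# IMAGE and PORT come from the README; NAME and the hardening flags are assumptions.
IMAGE="${IMAGE:-react2shell:latest}"   # or arulkumarv/react2shell:v1
NAME="${NAME:-react2shell-lab}"        # hypothetical container name
PORT=3000

# Host-side publish spec: loopback address instead of the default 0.0.0.0.
publish_spec() {
  echo "127.0.0.1:${PORT}:${PORT}"
}

# Read `docker port <container>` output on stdin. Succeed only if at least one
# binding exists and every binding is a loopback address (127.x or [::1]).
ports_loopback_only() {
  seen=0
  while IFS= read -r line; do
    [ -z "$line" ] && continue
    host="${line##*-> }"   # "3000/tcp -> 0.0.0.0:3000" becomes "0.0.0.0:3000"
    host="${host%:*}"      # drop the trailing ":port"
    case "$host" in
      127.*|"[::1]") seen=1 ;;
      *) echo "exposed beyond loopback: $line" >&2; return 1 ;;
    esac
  done
  [ "$seen" -eq 1 ]
}

start_lab() {
  # Drop capabilities and block privilege escalation inside the container.
  # Assumption: the image starts without them; remove a flag if it does not.
  docker run --rm -d --name "$NAME" -p "$(publish_spec)" \
    --cap-drop ALL --security-opt no-new-privileges "$IMAGE" >/dev/null || return 1
  if ! docker port "$NAME" | ports_loopback_only; then
    docker stop "$NAME" >/dev/null   # --rm removes the container once stopped
    return 1
  fi
  echo "lab listening on http://127.0.0.1:${PORT}"
}

# Docker is only touched when the script is invoked as: ./lab.sh start
if [ "${1:-}" = "start" ]; then start_lab; fi
```

Set `IMAGE=arulkumarv/react2shell:v1` to use the prebuilt image instead of the local build.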

🔬 Exploit Proof‑of‑Concept (PoC)

A public PoC related to CVE-2025-55182 is available at: https://github.com/msanft/CVE-2025-55182

git clone https://github.com/msanft/CVE-2025-55182
cd CVE-2025-55182
python poc.py

Reference
