This tweet mentions React2You, an advanced exploitation suite designed specifically for CVE-2025-55182, also known as React2Shell. The capabilities it highlights are multi-threaded mass scanning, an interactive remote code execution (RCE) shell with a pseudo-terminal interface, and a Web Application Firewall (WAF) bypass. The bypass combines UTF-16LE encoding with inserted junk data, which evades the many WAFs that do not properly decode or inspect payloads encoded this way. The tweet does not name a WAF vendor, but the technique is significant because it shows a stealthy way to execute remote code on vulnerable systems even when they are protected by a WAF. The information is valuable for red teamers, penetration testers, and cybersecurity professionals focused on Next.js applications and related technologies affected by CVE-2025-55182. Pairing UTF-16LE encoding with junk data suggests a sophisticated evasion approach against typical security filters.
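A defender-side illustration of the inspection gap described above, added here and not taken from the tweet or the tool: a filter that decodes the request body to text before matching, so UTF-16LE bytes and padding do not hide a keyword from the signature check. `INSPECT_LIMIT`, the function names and the `EXAMPLE_BLOCKED_TOKEN` signature are constructed placeholders, and treating the junk data as padding past an inspection size limit is an assumption, since the tweet does not say what it is for.

```javascript
// Added defensive example (Node.js): normalize a body to text BEFORE signature matching.
const INSPECT_LIMIT = 8192; // assumed inspection window, in decoded characters

// Choose the charset from the Content-Type header, then a BOM, then a NUL-byte heuristic.
function detectCharset(body, contentType = "") {
  const m = /charset\s*=\s*"?([\w-]+)"?/i.exec(contentType);
  if (m) return m[1].toLowerCase();
  if (body.length >= 2 && body[0] === 0xff && body[1] === 0xfe) return "utf-16le";
  // ASCII-range text in UTF-16LE carries 0x00 in nearly every odd byte position.
  const pairs = Math.floor(body.length / 2);
  let nul = 0;
  for (let i = 1; i < body.length; i += 2) if (body[i] === 0) nul++;
  return pairs > 0 && nul / pairs > 0.6 ? "utf-16le" : "utf-8";
}

function normalizeBody(body, contentType) {
  const charset = detectCharset(body, contentType);
  const enc = /^utf-?16le$/.test(charset) ? "utf16le" : "utf8";
  // Drop a leading BOM and any embedded NULs so they cannot split a keyword.
  const text = body.toString(enc).replace(/^\uFEFF/, "").replace(/\0/g, "");
  return { charset, text };
}

// Returns a list of findings; an empty list means nothing was flagged.
function inspect(body, contentType, signatures) {
  const { charset, text } = normalizeBody(body, contentType);
  const findings = [];
  if (charset !== "utf-8") findings.push(`non-default charset: ${charset}`);
  // The whole decoded body is scanned; exceeding the window is reported, not truncated.
  if (text.length > INSPECT_LIMIT) findings.push("body exceeds inspection window");
  for (const sig of signatures) {
    if (sig.test(text)) findings.push(`signature: ${sig.source}`);
  }
  return findings;
}

// Constructed sample: a placeholder token after padding, encoded as UTF-16LE.
const SIGS = [/EXAMPLE_BLOCKED_TOKEN/];
const sample = Buffer.from("A".repeat(10000) + "EXAMPLE_BLOCKED_TOKEN", "utf16le");

// What a byte-level matcher sees: the interleaved NULs keep the pattern from matching.
function naiveMatch(body) {
  return SIGS.some((s) => s.test(body.toString("latin1")));
}

console.log("raw-byte match:", naiveMatch(sample));
console.log("normalized findings:", inspect(sample, "", SIGS));
```

The same `inspect` call also catches a body whose header claims UTF-8 while the bytes are UTF-16LE, because embedded NULs are stripped after decoding.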
Original tweet: https://twitter.com/dbtx000/status/1998400453776674882