The NextRce 2.2 update introduces a feature intended to help security testers and attackers bypass Web Application Firewalls (WAFs) placed in front of Next.js applications. The update adds a dedicated UTF-16LE Encoding Engine designed to evade WAF signatures that would normally block common payloads. In 'Ghost Mode', the tool encodes its malicious JSON payloads so that they slip past filters and exploit the critical Next.js vulnerability CVE-2025-55182. Because the encoded payloads no longer match what detection tools expect, this raises the likelihood of a successful Remote Code Execution (RCE) attack against protected environments.
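The evasion described above works only as long as the WAF matches its signatures against the raw request bytes. The following added example (not code from NextRce, its author, or any WAF product) shows the defender-side countermeasure: detect a request body that is UTF-16LE encoded, with or without a byte-order mark, normalize it to UTF-8, and only then run signature matching. The signature list and the sample bodies are constructed placeholders for illustration; they are not the real rule for CVE-2025-55182.

```python
import codecs
import re

# Constructed placeholder signature: stands in for whatever rule an operator
# actually deploys. It is NOT the detection signature of the CVE on the page.
EXAMPLE_SIGNATURES = [re.compile(rb'"cmd"\s*:')]


def looks_utf16le(body: bytes) -> bool:
    """Heuristic detection of a UTF-16LE body.

    True if the body carries a UTF-16LE BOM, or if nearly every odd-indexed
    byte is NUL, which is what ASCII-range text looks like in UTF-16LE.
    """
    if body.startswith(codecs.BOM_UTF16_LE):
        return True
    if len(body) < 4 or len(body) % 2:
        return False
    high_bytes = body[1::2]
    return high_bytes.count(0) >= 0.9 * len(high_bytes)


def normalize_body(body: bytes, content_type: str = "") -> bytes:
    """Return the body re-encoded as UTF-8 for inspection.

    A declared charset in Content-Type is honoured first; otherwise the
    heuristic above decides. Undecodable input is returned unchanged so the
    caller can still apply byte-level rules (or block on principle).
    """
    declared = content_type.lower().replace(" ", "")
    if "charset=utf-16le" in declared or "charset=utf-16" in declared or looks_utf16le(body):
        try:
            text = body.decode("utf-16-le")
        except UnicodeDecodeError:
            return body
        # The utf-16-le codec keeps a leading BOM as U+FEFF; drop it.
        return text.lstrip("\ufeff").encode("utf-8")
    return body


def matches_raw(body: bytes) -> bool:
    """Signature check over the raw bytes, the behaviour the tool relies on."""
    return any(sig.search(body) for sig in EXAMPLE_SIGNATURES)


def matches_normalized(body: bytes, content_type: str = "") -> bool:
    """Signature check after charset normalization."""
    return matches_raw(normalize_body(body, content_type))


# Constructed sample bodies (no real exploit content).
PLAIN = b'{"cmd": "echo"}'
ENCODED = '{"cmd": "echo"}'.encode("utf-16-le")
ENCODED_BOM = codecs.BOM_UTF16_LE + ENCODED


def demo() -> dict:
    """Summarize what each check sees for each constructed body."""
    return {
        "plain_raw": matches_raw(PLAIN),
        "encoded_raw": matches_raw(ENCODED),
        "encoded_normalized": matches_normalized(ENCODED),
        "encoded_bom_normalized": matches_normalized(ENCODED_BOM),
        "declared_charset_normalized": matches_normalized(
            ENCODED, "application/json; charset=utf-16le"
        ),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {'MATCH' if hit else 'miss'}")
```

The raw check misses the UTF-16LE body, while the normalized check catches it in all three forms (heuristic, BOM, declared charset). In a real deployment the normalization step belongs before any rule evaluation, and bodies that cannot be decoded to the charset they claim deserve a rule of their own rather than silent pass-through.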
Check out the original tweet here: https://twitter.com/ynsmroztas/status/1999434763115823597