React2shell-scanner by Assetnote is a Python command-line tool for detecting the critical remote code execution (RCE) vulnerabilities CVE-2025-55182 and CVE-2025-66478 in Next.js applications. Its distinguishing feature is built-in support for bypassing web application firewalls (WAFs), so the vulnerabilities can still be detected when a WAF blocks the usual detection requests. This matters for security researchers and penetration testers who need to identify and exploit flaws in modern Next.js applications, since WAFs frequently filter the standard probes. By integrating WAF bypass techniques directly into the scanner, the tool simplifies the discovery of RCE vulnerabilities that would otherwise let an attacker execute arbitrary code remotely and compromise the target application. It illustrates how security scanning tooling is adapting to the detection challenges posed by sophisticated firewall protections.
For more details, see the original tweet: https://twitter.com/intigriti/status/2029861567592911284.