Skip to content

feat: add enhanced exploit detection patterns for CVE-2025-55182 #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gensecai-dev merged 1 commit into from
Dec 5, 2025
Merged

feat: add enhanced exploit detection patterns for CVE-2025-55182 #1

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions src/middleware/detector.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,20 @@ const EXPLOIT_PATTERNS = [
severity: 'high' as const,
description: 'Prototype pollution attempt',
},
// Object.prototype.then pollution (CVE-2025-55182 exploit technique)
{
name: 'then_pollution',
pattern: /prototype\s*\.\s*then|\.then\s*=/i,
severity: 'high' as const,
description: 'Object.prototype.then pollution attempt',
},
Comment on lines +32 to +38
Copy link

@coderabbitai coderabbitai bot Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Overly broad pattern may cause false positives.

The second alternation \.then\s*= will match any assignment to a .then property, not just prototype pollution. For example, promise.then = someFunc or obj.then = value would trigger this pattern even though they're not prototype pollution attempts.

Consider making the pattern more specific to actual prototype pollution vectors:

   {
     name: 'then_pollution',
-    pattern: /prototype\s*\.\s*then|\.then\s*=/i,
+    pattern: /(Object|constructor)\s*\.\s*prototype\s*\.\s*then|__proto__\s*\.\s*then|\[\s*["']__proto__["']\s*\]\s*\.\s*then/i,
     severity: 'high' as const,
     description: 'Object.prototype.then pollution attempt',
   },

This revised pattern targets:

  • Object.prototype.then or constructor.prototype.then
  • __proto__.then
  • ["__proto__"].then (bracket notation)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
// Object.prototype.then pollution (CVE-2025-55182 exploit technique)
{
name: 'then_pollution',
pattern: /prototype\s*\.\s*then|\.then\s*=/i,
severity: 'high' as const,
description: 'Object.prototype.then pollution attempt',
},
// Object.prototype.then pollution (CVE-2025-55182 exploit technique)
{
name: 'then_pollution',
pattern: /(Object|constructor)\s*\.\s*prototype\s*\.\s*then|__proto__\s*\.\s*then|\[\s*["']__proto__["']\s*\]\s*\.\s*then/i,
severity: 'high' as const,
description: 'Object.prototype.then pollution attempt',
},
🤖 Prompt for AI Agents 
In src/middleware/detector.ts around lines 32 to 38, the current regex
/\.then\s*=/ is overly broad and flags any assignment to a .then property (false
positives); narrow the pattern to match real prototype-pollution vectors only by
targeting explicit prototype paths such as Object.prototype.then,
<someIdentifier>.constructor.prototype.then, __proto__.then and bracket notation
like ["__proto__"].then or ['__proto__'].then; replace the alternation with a
regex that matches these forms (e.g. patterns for \bObject\.prototype\.then\b,
\b[A-Za-z_$][A-Za-z0-9_$]*\.constructor\.prototype\.then\b, __proto__ (dot)
then, and bracketed "__proto__" access) while preserving case-insensitivity and
keeping severity/description the same.

// _prefix property injection (CVE-2025-55182 exploit technique)
{
name: 'prefix_injection',
pattern: /"_prefix"\s*:/i,
severity: 'high' as const,
description: 'Potential _prefix property injection',
},
Comment on lines +32 to +45
Copy link

@coderabbitai coderabbitai bot Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

CVE-2025-55182 React Server Components exploitation

💡 Result:

Short summary — CVE-2025-55182 is a critical (CVSS 10.0) unauthenticated remote‑code‑execution vulnerability in the React Server Components (RSC) "Flight" handling. An attacker can send a crafted HTTP RSC payload to vulnerable servers and achieve RCE without authentication. Immediate patching is required. [1][2][3]

Key facts

  • Affected packages/versions: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack in React 19.0.0, 19.1.0, 19.1.1, 19.2.0 (varies by package). Also impacts many Next.js 15/16 releases and some canary builds. [1][4][5]
  • Exploitation: requires only a crafted HTTP request targeting the RSC/server‑function endpoint; proof‑of‑concept exploits and weaponization reports exist and some vendors report active exploitation. [2][6]
  • Patched releases: React RSC patched versions include 19.0.1, 19.1.2, 19.2.1 (upgrade to the appropriate patched line). Next.js patched releases are listed in vendor advisories — upgrade Next.js to the fixed versions. [1][4]

Immediate actions (recommended)

  1. Patch now — upgrade react-server-dom-* to the patched versions (19.0.1 / 19.1.2 / 19.2.1) and upgrade Next.js to the vendor‑recommended fixed releases. Test and deploy ASAP. [1][4]
  2. If you cannot patch immediately, apply WAF rules / emergency vendor mitigations (Cloudflare, Akamai, Vercel, etc.) and restrict access to server‑function endpoints (IP allow‑lists, internal only). Audit builds, images, CI artifacts, and dependency trees for vulnerable packages. [2][3][6]
  3. Hunt for indicators: review logs for unexpected POSTs to RSC endpoints, spawned processes, or anomalous command execution; rotate credentials and isolate compromised hosts if exploitation is detected. [2][5]

References
[1] React team advisory: Critical security vulnerability in React Server Components (Dec 3, 2025).
[2] Wiz research advisory: technical details and PoC reliability.
[3] Kaspersky blog post on CVE-2025-55182.
[4] GitHub Advisory / GitHub Advisory DB entry for the RSC RCE.
[5] CSA (Singapore) alert on the vulnerability.
[6] Multiple vendor advisories / news reports noting active exploitation and mitigation guidance.

If you want, I can: (A) check a specific project (package.json / lockfile) for vulnerable react-server-dom versions, or (B) fetch the exact Next.js versions you must upgrade from/to for your environment. Which would you prefer?

🏁 Script executed:

#!/bin/bash
# Search for test files covering these patterns
find . -type f \( -name "*test*" -o -name "*spec*" \) \( -name "*.ts" -o -name "*.js" \) | head -20

# Search for references to these patterns in tests
rg -i "then_pollution|prefix_injection" --type ts --type js

# Check the detector.ts file context
fd -name "detector.ts" -type f

Repository: gensecaihq/react2shell-scanner

Length of output: 783

🏁 Script executed:

#!/bin/bash
# Check middleware test file for these pattern tests
rg "then_pollution|prefix_injection" test/unit/middleware.test.ts -A 5 -B 2

# View the detector.ts file to understand implementation
cat src/middleware/detector.ts

Repository: gensecaihq/react2shell-scanner

Length of output: 5839

🌐 Web query:

CVE-2025-55182 "then pollution" "prototype.then" RSC Flight exploitation technique

💡 Result:

Short summary — what "then pollution" / "prototype.then" is and how it was used against CVE-2025-55182 (React RSC Flight):

  • CVE-2025-55182 is a critical RCE in React Server Components (the RSC “Flight” protocol) caused by unsafe deserialization of Flight payloads; it lets attacker-controlled payload fields steer server-side execution. Patch committed to check hasOwnProperty for exported names. [1][2]

  • The exploitation technique dubbed "then pollution" (or prototype.then abuse) abuses JavaScript's prototype/then semantics during deserialization: an attacker injects a property named "then" (and specially crafted form-field markers like "$1:proto:then") so that the deserializer ends up setting a then handler on the prototype chain. That causes the runtime to treat crafted objects as Promise-like and invoke attacker-controlled functions (e.g., via constructor/constructor or other gadgets), enabling execution of native Node APIs (child_process.execSync, etc.) on the server. Datadog and several research write-ups show example payloads and a working PoC that uses "$1:proto:then" and "$1:constructor:constructor" to reach execSync. [3][1]

  • Why the fix works: the upstream patch changes module export lookup to only return own properties (hasOwnProperty.call(moduleExports, name)), preventing lookup of polluted prototype properties like prototype.then from resolving to privileged exports. Upgrading to the patched React/Next.js releases is the recommended mitigation. [1][2][3]

Key references (read for payloads and walk‑throughs):

  • React/Next.js advisories and analysis (summary + fixes). [2][4]
  • Datadog Security Labs analysis with the PoC-style payload showing "$1:proto:then" and constructor abuse. [3]
  • Vendor/research coverage (Wiz, Qualys, etc.) summarizing impact and mitigation. [2][5]

If you want, I can:

  • paste the Datadog payload example and walk through each step, or
  • scan your codebase/deps for vulnerable react-server packages and give exact upgrade commands.

🌐 Web query:

CVE-2025-55182 "_prefix" property injection React Server Components

💡 Result:

Short answer: Yes — CVE-2025-55182’s exploit chain abuses a crafted _response object (including a controlled _prefix) so the RSC deserializer ends up calling response._formData.get(response._prefix + id), which can be used to invoke the Function constructor and achieve RCE. Patch immediately. [1][2][3]

Details & references:

  • React official advisory: critical RCE in React Server Components; upgrade to the patched releases. [1]
  • Independent research / PoC analysis showing attack uses a fake chunk with _response._prefix and _formData.get and the $B handler that does response._formData.get(response._prefix + id). (exploit chain and code excerpts). [2]
  • Telemetry/analysis showing in‑the‑wild scanning and payloads that set _response._prefix to attacker-controlled code. [3]

Action: upgrade react-server-dom-webpack / -parcel / -turbopack to the patched versions (19.0.1, 19.1.2, 19.2.1 or later) and update affected frameworks (Next.js patched releases) immediately; if you cannot patch, block/limit Server Function endpoints and apply WAF rules. See React advisory and national CERT advisories for recommended versions and mitigation steps. [1][4][5]

Sources:
[1] React team advisory (Dec 3, 2025).
[2] CVE-2025-55182 research / PoC (GitHub).
[3] Datadog Security Labs analysis (exploit telemetry).
[4] NVD entry for CVE-2025-55182.
[5] Canadian Cyber Centre / other national advisories.

🏁 Script executed:

#!/bin/bash
# Check the middleware test file for coverage of these patterns
cat test/unit/middleware.test.ts | head -200

Repository: gensecaihq/react2shell-scanner

Length of output: 6565

🏁 Script executed:

#!/bin/bash
# Search for any tests that might test detector patterns
rg -i "detectExploitPatterns|then_pollution|prefix_injection" test/unit/middleware.test.ts -A 3 -B 1

Repository: gensecaihq/react2shell-scanner

Length of output: 2285

Add tests for then_pollution and prefix_injection patterns.

The test suite has comprehensive coverage for most exploit patterns but lacks explicit tests for the two CVE-2025-55182-specific patterns. Add test cases for then_pollution and prefix_injection to match the existing test coverage for other patterns:

it('should detect then pollution attempts', () => {
  const payload = 'Object.prototype.then = function() {}';
  const result = detectExploitPatterns(payload);

  expect(result.detected).toBe(true);
  expect(result.patterns).toContain('then_pollution');
  expect(result.severity).toBe('high');
});

it('should detect _prefix injection', () => {
  const payload = '{"_prefix": "malicious"}';
  const result = detectExploitPatterns(payload);

  expect(result.detected).toBe(true);
  expect(result.patterns).toContain('prefix_injection');
  expect(result.severity).toBe('high');
});
🤖 Prompt for AI Agents 
In src/middleware/detector.ts around lines 32 to 45, tests are missing for the
two CVE-2025-55182 patterns (then_pollution and prefix_injection); add two unit
tests alongside the existing pattern tests that feed a payload containing
"Object.prototype.then = function() {}" and '{"_prefix":"malicious"}'
respectively, call detectExploitPatterns(payload), assert result.detected ===
true, assert result.patterns contains 'then_pollution' / 'prefix_injection', and
assert result.severity === 'high' so the new regexes are covered the same way as
the other exploit patterns.

Comment on lines +39 to +45
Copy link

@coderabbitai coderabbitai bot Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Pattern may be bypassed with different quote styles.

The pattern only matches "_prefix" with double quotes. Attackers could bypass this by using:

  • Single quotes: '_prefix':
  • No quotes (JavaScript object literal): _prefix:
  • Escaped quotes: \"_prefix\":

Consider a more flexible pattern:

   {
     name: 'prefix_injection',
-    pattern: /"_prefix"\s*:/i,
+    pattern: /["']?_prefix["']?\s*:/i,
     severity: 'high' as const,
     description: 'Potential _prefix property injection',
   },

This matches _prefix with optional quotes. If escaped quote scenarios are possible, you may need a more sophisticated pattern or pre-processing.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
// _prefix property injection (CVE-2025-55182 exploit technique)
{
name: 'prefix_injection',
pattern: /"_prefix"\s*:/i,
severity: 'high' as const,
description: 'Potential _prefix property injection',
},
// _prefix property injection (CVE-2025-55182 exploit technique)
{
name: 'prefix_injection',
pattern: /["']?_prefix["']?\s*:/i,
severity: 'high' as const,
description: 'Potential _prefix property injection',
},
🤖 Prompt for AI Agents 
In src/middleware/detector.ts around lines 39 to 45, the current pattern only
matches "_prefix" with double quotes and can be bypassed with single quotes, no
quotes, or escaped quotes; replace the regex with one that accepts optional
surrounding quotes (single or double), allows escaped quote characters, and
still requires the colon and optional whitespace afterwards (or alternatively
unescape input before matching), and update the severity/description unchanged.

// Malformed module references
{
name: 'malformed_module_ref',
Expand Down