nilfredb/CVE-2025-66478-Research-Proof-of-Concept
# CVE-2025-66478-Research-Proof-of-Concept
## Overview
This repository contains research and a proof-of-concept implementation related to CVE-2025-66478, a vulnerability affecting certain Next.js / React Server Components configurations.
The project was developed in a controlled laboratory environment for educational and defensive security purposes.
## Disclaimer
This repository is provided exclusively for:
* Security research
* Defensive testing
* Educational purposes
* Authorized laboratory environments

Do not use this code against systems without explicit authorization.
The author assumes no responsibility for misuse.
## Technical Summary
Affected applications may expose execution primitives capable of reaching Node.js internals under specific circumstances.
## Features
* Automated payload generation
* HTTP request construction
* Response parsing
* Research-oriented implementation
* Simple command execution workflow for laboratory environments
## Requirements
* Python 3.10+
* requests

Install dependencies:

```bash
pip install -r requirements.txt
```

## Usage

```bash
python exploit.py
```
The script will request:
* Target URL
* Command to execute
## Research Notes
The repository was developed while studying:
* React Server Components
* Next.js internals
* Node.js execution context
* Debugging interfaces
* Application security
## License
MIT License