Versions (2)
Version DetailsCurrent
Rev: 1 • Dec 4, 2025, 7:50 PMATTACK [PTsecurity] React Server Components RCE (CVE-2025-55182)
alert http any any -> any any (msg: "ATTACK [PTsecurity] React Server Components RCE (CVE-2025-55182)"; flow: established, to_server; http.uri; content: "/_next/static/chunks/react-flight"; http.content_type; content: "multipart/form-data|3b 20|"; content: "boundary|3d|"; distance: 0; http.request_body; content: "Content-Disposition|3a 20|"; content: "form-data|3b|"; distance: 0; content: "name|3d 22|"; distance: 0; content: "|7b|"; distance: 0; content: "|22 5f 5f|type|22|"; content: "|3a|"; distance: 0; content: "|22|Function|22|"; distance: 0; content: "global.process.mainModule.require"; reference: url, www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182; reference: cve, 2025-55182; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10016006; rev: 1;)
Dec 4, 2025, 7:50 PM
Feb 11, 2026, 8:15 AM
Dec 4, 2025, 9:34 PM
Mar 2, 2026, 1:34 PM
rules/ptopen-attacks.rules