Rule History

SID: 10016006 • Source: ptrules/open

Versions (2)

Rev: 1

Mar 2, 2026, 1:34 PM

Version DetailsCurrent

Rev: 1 • Dec 4, 2025, 7:50 PM

Message:

ATTACK [PTsecurity] React Server Components RCE (CVE-2025-55182)

Rule:

alert http any any -> any any (msg:"ATTACK [PTsecurity] React Server Components RCE (CVE-2025-55182)"; flow:established, to_server; http.uri; content:"/_next/static/chunks/react-flight"; http.content_type; content:"multipart/form-data|3b 20|"; content:"boundary|3d|"; distance:0; http.request_body; content:"Content-Disposition|3a 20|"; content:"form-data|3b|"; distance:0; content:"name|3d 22|"; distance:0; content:"|7b|"; distance:0; content:"|22 5f 5f|type|22|"; content:"|3a|"; distance:0; content:"|22|Function|22|"; distance:0; content:"global.process.mainModule.require"; reference:url, www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182; reference:cve, 2025-55182; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10016006; rev:1;)

Created:

Dec 4, 2025, 7:50 PM

Updated:

Feb 11, 2026, 8:15 AM

DB Created:

Dec 4, 2025, 9:34 PM

DB Updated:

Mar 2, 2026, 1:34 PM

Filename:

rules/ptopen-attacks.rules