alert http any any -> any any (msg:"ATTACK [PTsecurity] React Server Components RCE (CVE-2025-55182)"; flow:established, to_server; http.content_type; content:"multipart/form-data|3b 20|"; content:"boundary|3d|"; distance:0; http.request_body; content:"Content-Disposition|3a 20|"; content:"form-data|3b|"; distance:0; content:"name|3d 22|"; distance:0; pcre:"/(\$ACTION_REF_|\$ACTION_ID_)/PR"; content:"Content-Disposition|3a 20|"; distance:0; content:"form-data|3b|"; distance:0; content:"name|3d 22 24|ACTION"; distance:0; content:"|7b|"; distance:0; content:"|22|id|22|"; distance:0; content:"|22|bound|22|"; reference:url, www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182; reference:cve, 2025-55182; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10016005; rev:1;)