How do I create a profile that scans only for the React2shell vulnerability (CVE-2025-55182)?
To create a scan profile that only scans for the React2shell vulnerability, follow the steps below:
For remote/active detection (unauthenticated):
- Log in to Security Center.
- Click Scan network > Scan profiles.
- Click +Create scan profile > Network scan profile.
- Under General settings choose Basic.
- Under Ports coverage change the TCP to Full scan.
- Under Vulnerabilities, include HID-2-1-5314954 – React / Next.js Deserialization RCE (CVE-2025-55182) – Active Detection.
- Scroll down and ensure that the option Skip tests that perform active break-in attempts is unchecked.
- Click Submit to save.
- Done!
For authenticated scan:
- Log in to Security Center.
- Click Scan network > Scan profiles.
- Click +Create scan profile > Network scan profile.
- Under General settings choose Basic.
- Under Ports coverage change the TCP to Full scan.
- Under Vulnerabilities, include:
  - HID-2-1-5314953 – Next.js React Component RCE Vulnerability (aka React2Shell) – CVE-2025-55182
  - HID-2-1-5314950 – React Server Component RCE Vulnerability (aka React2Shell) – CVE-2025-55182
- Scroll down and ensure that the option Skip tests that perform active break-in attempts is unchecked.
- Under Authentication, ensure that you have set the correct authentication records.
- Click Submit to save.
- Done!
Important note for Windows targets
Authenticated scans of Windows machines must allow execution of PowerShell commands in the scan configuration; see https://support.holmsecurity.com/knowledge/what-is-the-impact-of-powershell-commands-in-authenticated-network-scans
Running scans with the local Scanner Appliance
To detect the React2shell vulnerability with the local Scanner Appliance, ensure that the appliance has signature date 202512060106 or later.