ET WEB_SPECIFIC_APPS Waku RSC React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)
Here you can find all the details about the rule "ET WEB_SPECIFIC_APPS Waku RSC React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)". Propose edits, view related rules, and engage with the community through comments.
[[ currentRule.title ]]
[[ currentRule.description ]]
Rule Content
v [[ currentRule.version ]][[ currentRule.to_string ]]{
"id": 182885,
"format": "suricata",
"title": "ET WEB_SPECIFIC_APPS Waku RSC React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)",
"license": "GPL-2.0",
"description": "No description provided",
"uuid": "7b961e3b-cc63-4b74-b73a-9e530ca52bc3",
"original_uuid": "2066029",
"source": "emerging-all.rules.zip by admin admin",
"author": "Unknown",
"creation_date": "2025-12-19 10:26",
"last_modif": "2025-12-19 10:26",
"vote_up": 0,
"vote_down": 0,
"user_id": 1,
"version": "2",
"to_string": "alert http any any -> $HOME_NET any (msg:\"ET WEB_SPECIFIC_APPS Waku RSC React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)\"; flow:established,to_server; http.uri; content:\"/RSC/\"; http.content_type; content:\"multipart/form-data|3b|\"; http.request_body; content:\"|24 40|\"; pcre:\"/^[0-9a-fA-F]+\\x22?\\x0d\\x0a/R\"; content:\"|22|_prefix|22|\"; content:\"|22|_formData|22|\"; fast_pattern; content:\"|22 24|\"; pcre:\"/^[0-9a-fA-F]+\\x3a(?:__proto__|constructor|Module)\\x3a/R\"; http.method; content:\"POST\"; reference:url,react2shell.com/; reference:cve,2025-55182; classtype:web-application-attack; sid:2066029; rev:2; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_12_05, cve CVE_2025_55182, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Exploit, updated_at 2025_12_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)",
"is_favorited": false,
"cve_id": "{CVE-2025-55182}"
}{
"uuid": "fa5c7426-f61d-4d24-b224-9823c722e79f",
"Object": [
{
"name": "suricata",
"meta-category": "network",
"template_uuid": "3c177337-fb80-405a-a6c1-1b2ddea8684a",
"description": "An object describing one or more Suricata rule(s) along with version and contextual information.",
"template_version": "2",
"uuid": "f2d09222-dd0a-45d1-b156-2e60595ccfad",
"Attribute": [
{
"uuid": "ef73d28c-2758-4679-b70f-7e2679dde6d6",
"object_relation": "suricata",
"value": "alert http any any -> $HOME_NET any (msg:\"ET WEB_SPECIFIC_APPS Waku RSC React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)\"; flow:established,to_server; http.uri; content:\"/RSC/\"; http.content_type; content:\"multipart/form-data|3b|\"; http.request_body; content:\"|24 40|\"; pcre:\"/^[0-9a-fA-F]+\\x22?\\x0d\\x0a/R\"; content:\"|22|_prefix|22|\"; content:\"|22|_formData|22|\"; fast_pattern; content:\"|22 24|\"; pcre:\"/^[0-9a-fA-F]+\\x3a(?:__proto__|constructor|Module)\\x3a/R\"; http.method; content:\"POST\"; reference:url,react2shell.com/; reference:cve,2025-55182; classtype:web-application-attack; sid:2066029; rev:2; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_12_05, cve CVE_2025_55182, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Exploit, updated_at 2025_12_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)",
"type": "snort",
"disable_correlation": false,
"to_ids": true,
"category": "Network activity"
},
{
"uuid": "bbda96cf-67c0-45cf-a96f-c61ecf649421",
"object_relation": "suricata-rule-name",
"value": "ET WEB_SPECIFIC_APPS Waku RSC React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "e9969fb1-7533-497f-ae07-05f813a4ceb2",
"object_relation": "comment",
"value": "No description provided",
"type": "comment",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "6a96e9c8-93b2-4009-84fc-50d431a08dee",
"object_relation": "version",
"value": "2",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "76473434-84d6-4c1b-836a-c23028810e65",
"object_relation": "reference",
"value": "emerging-all.rules.zip by admin admin",
"type": "link",
"disable_correlation": false,
"to_ids": false,
"category": "External analysis"
}
],
"distribution": "5",
"sharing_group_id": "0"
}
]
}Similar Rules
More RulesThe similarity is calculated using the TF-IDF (Term Frequency - Inverse Document Frequency) vectorization of each rule's text, followed by computing the cosine similarity between vectors.
This method compares the textual content of the rules, giving higher weight to distinctive terms and lower weight to common terms. It is robust to small changes in wording.
Learn more on the official scikit-learn documentation: TF-IDF Vectorizer & Cosine Similarity
[[ rule.title ]]
[[ rule.description ]]
Related Bundles
[[ bundleListRule.length ]] TotalNo bundles found for this rule.
Please log in to propose an edit.
No edit proposals found for this rule.
[[ comments_list.length ]] Comments
Join the conversation
Login to replyCommunity Discussion
No comments yet
Be the first to share your thoughts on this rule!