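#!/bin/bash
# Next.js CVE-2025-66478 / CVE-2025-55182 Vulnerability Checker
# Checks whether Next.js installations on this host (filesystem and running
# Docker containers) fall in the version ranges affected by the critical RCE.
#
# Requires: bash, find, grep; optional: docker, curl (Telegram alerting).
# Config:   $SCRIPT_DIR/config.sh may set TELEGRAM_BOT_TOKEN and
#           TELEGRAM_CHAT_ID; alerting is skipped quietly when they are unset.
# Exit:     non-zero when a vulnerable installation was found.

# -u catches typos in variable names; pipefail keeps a failing find/grep stage
# from being masked by the stage after it.  Deliberately no -e: this is a
# best-effort scanner and one unreadable file must not abort the whole run.
set -uo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Optional config; sourced only when present so a missing file does not print
# an error and leave the alert variables half-initialised.
if [ -r "$SCRIPT_DIR/config.sh" ]; then
  # shellcheck source=/dev/null
  source "$SCRIPT_DIR/config.sh"
fi
TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-}"
TELEGRAM_CHAT_ID="${TELEGRAM_CHAT_ID:-}"

#######################################
# Best-effort Telegram alert.
# Arguments: $1 - message text (sent with parse_mode=HTML, so any '<', '>'
#                 or '&' in it must already be escaped or the API rejects it)
# Returns:   always 0; a delivery failure is deliberately not fatal
#######################################
send_telegram() {
  local text=$1
  # Nothing configured: skip instead of hitting the API with an empty token.
  [ -n "$TELEGRAM_BOT_TOKEN" ] && [ -n "$TELEGRAM_CHAT_ID" ] || return 0
  # --data-urlencode: the message spans several lines; a plain -d would hand
  # newlines and '&' to the server unencoded.  The bot token is part of the
  # URL, so never run this script under 'set -x' on a shared host.
  curl -s --max-time 15 -X POST \
    "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
    --data-urlencode "chat_id=${TELEGRAM_CHAT_ID}" \
    --data-urlencode "text=${text}" \
    --data-urlencode "parse_mode=HTML" > /dev/null 2>&1 || true
}

HOSTNAME=$(hostname 2>/dev/null || printf 'unknown')

echo "=== Next.js RCE Vulnerability Scanner ==="
echo "CVE-2025-66478 / CVE-2025-55182 (CVSS 10.0)"
echo ""

# Colors, only when stdout is a terminal so cron / log output stays clean.
if [ -t 1 ]; then
  RED='\033[0;31m'
  GREEN='\033[0;32m'
  YELLOW='\033[1;33m'
  NC='\033[0m' # No Color
else
  RED=''
  GREEN=''
  YELLOW=''
  NC=''
fi

# Tallies filled in by the scan loops further down.
VULNERABLE=0
SAFE=0
UNKNOWN=0

#######################################
# Classify an exact Next.js version against the affected ranges.
#
# Affected (per the advisory this script was written against):
#   15.0.0-15.0.4  15.1.0-15.1.8  15.2.0-15.2.5  15.3.0-15.3.5
#   15.4.0-15.4.7  15.5.0-15.5.6  16.0.0-16.0.6
# Fixed in 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7 and 16.0.7.
# Anything outside those series (e.g. 14.x) is reported as not affected by
# this table; confirm against the current vendor advisory before relying on it.
#
# Arguments: $1 - version such as 15.4.2 or 15.4.2-canary.7.  The pre-release
#                 suffix is ignored, so a canary of a fixed version is treated
#                 as fixed — verify such builds by hand.
# Returns:   0 not in an affected range
#            1 affected
#            2 unparseable (no leading MAJOR.MINOR.PATCH) — a bare "15" or a
#              range like "^15.1" cannot be classified.  The old cut-based
#              split turned "15" into major=minor=patch=15 and "^15.1" into
#              an empty patch and reported both SAFE; under 'if check_version'
#              a 2 now lands in the VULNERABLE branch, i.e. fails closed.
#######################################
check_version() {
  local version=$1
  local major minor patch
  local re='^([0-9]+)\.([0-9]+)\.([0-9]+)([^0-9]|$)'
  if [[ "$version" =~ $re ]]; then
    major=${BASH_REMATCH[1]}
    minor=${BASH_REMATCH[2]}
    patch=${BASH_REMATCH[3]}
  else
    return 2
  fi
  # Highest affected patch level of each affected minor series.
  local last_bad
  case "$major.$minor" in
    15.0) last_bad=4 ;;
    15.1) last_bad=8 ;;
    15.2) last_bad=5 ;;
    15.3) last_bad=5 ;;
    15.4) last_bad=7 ;;
    15.5) last_bad=6 ;;
    16.0) last_bad=6 ;;
    *)    return 0 ;;
  esac
  # 10# forces base 10 so a zero-padded patch such as "08" is not read as octal.
  if (( 10#$patch <= last_bad )); then
    return 1 # Vulnerable
  fi
  return 0 # Safe
}

echo "Searching for Next.js installations..."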
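echo ""

#######################################
# Print the "version" field of a node_modules/next/package.json, i.e. the
# version that is actually installed.  The project's own package.json only
# holds a dependency *range* such as ^15.1.0, which says nothing about which
# patch level npm/yarn resolved.
# Arguments: $1 - path to a package.json
# Outputs:   version string on stdout; nothing (non-zero) if the file is not
#            next's own manifest or has no "version" key
#######################################
installed_next_version() {
  local manifest=$1
  grep -q '"name"[[:space:]]*:[[:space:]]*"next"' "$manifest" 2>/dev/null || return 1
  grep -o '"version"[[:space:]]*:[[:space:]]*"[^"]*"' "$manifest" 2>/dev/null \
    | head -1 | sed 's/.*"\([^"]*\)"$/\1/'
}

#######################################
# Print the raw "next" dependency spec declared in a package.json
# (e.g. 15.1.2, ^15.1.0, latest), or nothing if next is not declared.
# Arguments: $1 - path to a package.json
#######################################
declared_next_spec() {
  grep -o '"next"[[:space:]]*:[[:space:]]*"[^"]*"' "$1" 2>/dev/null \
    | head -1 | sed 's/.*"\([^"]*\)"$/\1/'
}

#######################################
# Print the status line for one finding and bump the matching tally.
# Arguments: $1 - version string as found (exact version or dependency spec)
# Globals:   SAFE, VULNERABLE, UNKNOWN (written); colour variables (read)
#######################################
report_version() {
  local version=${1#v}
  local exact='^([0-9]+\.[0-9]+\.[0-9]+)([^0-9]|$)'
  # Only an exact pin can be classified.  A range (^, ~, >=, x, latest, ...)
  # may resolve to a fixed or to an affected patch level, so guessing from
  # its lower bound is wrong in both directions: "^15.1.9" can resolve to a
  # fixed 15.1.x but also to an affected 15.5.6.  Count it as UNKNOWN.
  if [[ ! "$version" =~ $exact ]]; then
    echo -e "  Status: ${YELLOW}UNKNOWN${NC} - \"$version\" is not an exact version; run 'npm ls next' in that project"
    UNKNOWN=$((UNKNOWN + 1))
    return 0
  fi
  # Compare on the numeric MAJOR.MINOR.PATCH only; a pre-release suffix such
  # as -canary.3 would otherwise break the integer comparison.
  local base=${BASH_REMATCH[1]}
  if check_version "$base"; then
    echo -e "  Status: ${GREEN}SAFE${NC}"
    SAFE=$((SAFE + 1))
  else
    echo -e "  Status: ${RED}VULNERABLE${NC} - Update to 15.5.7+ or 16.0.7+"
    VULNERABLE=$((VULNERABLE + 1))
  fi
}

# Method 1: walk the filesystem once for every package.json.
# - node_modules/next/package.json is next's own manifest; its "version" is
#   what is really installed, so it is authoritative.
# - any other file under node_modules/ belongs to some dependency; a "next"
#   entry there is a peer/dev range and says nothing about this host, so it
#   is skipped (the old scan reported each of those as a finding).
# - a project package.json outside node_modules is used only when no
#   installed copy sits next to it, otherwise it would be counted twice.
# /proc, /sys and /dev are pruned.  /var/lib/docker is not, so a running
# container's overlay can be reached from the host here and again through
# Method 2 — treat duplicate paths in the output accordingly.
# The loop runs in the current shell (process substitution, NUL-delimited
# paths): 'find | while' ran it in a subshell, every counter increment was
# discarded, the summary always showed 0 and the alert never fired.
while IFS= read -r -d '' pkg; do
  case "$pkg" in
    */node_modules/next/package.json)
      next_version=$(installed_next_version "$pkg") || continue
      [ -n "$next_version" ] || continue
      echo "Found: $pkg"
      echo "  Next.js version: $next_version (installed)"
      report_version "$next_version"
      echo ""
      ;;
    */node_modules/*)
      continue
      ;;
    *)
      spec=$(declared_next_spec "$pkg")
      [ -n "$spec" ] || continue
      # An installed copy next to it is reported by the first case.
      [ -f "${pkg%/package.json}/node_modules/next/package.json" ] && continue
      echo "Found: $pkg"
      echo "  Next.js dependency: $spec (declared; no node_modules/next installed here)"
      report_version "$spec"
      echo ""
      ;;
  esac
done < <(find / \( -path /proc -o -path /sys -o -path /dev \) -prune -o \
           -name package.json -type f -print0 2>/dev/null)

# Method 2: running containers.  The image may be distroless (no sh/find);
# such a container cannot be inspected this way and is counted as UNKNOWN
# instead of being reported as "No Next.js found".
echo "Checking Docker containers..."
if command -v docker >/dev/null 2>&1; then
  while IFS= read -r container; do
    [ -n "$container" ] || continue
    echo "Checking container: $container"
    if ! docker exec "$container" sh -c 'command -v find >/dev/null 2>&1' 2>/dev/null; then
      echo -e "  Status: ${YELLOW}UNKNOWN${NC} - no sh/find in the image; inspect it from the host (docker export / image scan)"
      UNKNOWN=$((UNKNOWN + 1))
      echo ""
      continue
    fi
    # Look for next's own manifest anywhere in the container instead of
    # 'cat /*/package.json', which only saw apps installed directly under a
    # top-level directory.  The path is passed as $1, never spliced into the
    # command string, so an odd filename cannot alter the shell command.
    found=0
    while IFS= read -r manifest; do
      [ -n "$manifest" ] || continue
      next_version=$(docker exec "$container" sh -c \
        'grep -o "\"version\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" "$1" | head -1 | sed "s/.*\"\([^\"]*\)\"$/\1/"' \
        sh "$manifest" 2>/dev/null)
      [ -n "$next_version" ] || continue
      found=1
      echo "  Found: $manifest"
      echo "  Next.js version: $next_version (installed)"
      report_version "$next_version"
    done < <(docker exec "$container" sh -c \
      'find / \( -path /proc -o -path /sys -o -path /dev \) -prune -o -path "*/node_modules/next/package.json" -type f -print 2>/dev/null' 2>/dev/null)
    if [ "$found" -eq 0 ]; then
      echo -e "  Status: ${YELLOW}No Next.js found${NC}"
    fi
    echo ""
  done < <(docker ps --format '{{.Names}}' 2>/dev/null)
else
  echo "  docker not available; skipped"
  echo ""
fi

echo "=== Summary ==="
echo -e "${GREEN}Safe installations: $SAFE${NC}"
echo -e "${RED}Vulnerable installations: $VULNERABLE${NC}"
echo -e "${YELLOW}Unclassified (ranges / uninspectable containers): $UNKNOWN${NC}"
echo ""

# Exit codes: 1 vulnerable found, 2 nothing vulnerable but something could
# not be classified, 0 every finding was SAFE.  A host with unknowns must
# not read as clean to a caller that only checks for zero.
if [ "$VULNERABLE" -gt 0 ]; then
  echo -e "${RED}⚠️  ACTION REQUIRED${NC}"
  echo "Vulnerable Next.js installations found!"
  echo ""
  echo "Patched versions:"
  echo "  - Next.js 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7+"
  echo "  - Next.js 16.0.7+"
  echo ""
  echo "Update command:"
  echo "  npm install next@latest"
  echo "  # or"
  echo "  yarn upgrade next@15.5.7"
  echo "Re-run this script afterwards to confirm the installed version changed."
  send_telegram "🚨 Vulnerable Next.js Found — CVE-2025-66478 / CVE-2025-55182
Host: ${HOSTNAME}
Vulnerable installations: ${VULNERABLE}
Unclassified: ${UNKNOWN}
Update to Next.js 15.5.7+ or 16.0.7+
Run manually: bash check-nextjs-rce.sh"
  exit 1
elif [ "$UNKNOWN" -gt 0 ]; then
  echo -e "${YELLOW}⚠️  ${UNKNOWN} installation(s) could not be classified${NC}"
  echo "Resolve the exact installed version (npm ls next, or inspect the image) before treating this host as clean."
  exit 2
else
  echo -e "${GREEN}✓ All Next.js installations are safe${NC}"
  exit 0
fi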