[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

# ![@pyn3rd Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::700586855947829248.png) @pyn3rd pyn3rd

pyn3rd posts on X about nextjs, llms, threshold, visibility the most. They currently have XXXXXX followers and XX posts still getting attention that total XXXXXX engagements in the last XX hours.

### Engagements: XXXXXX [#](/creator/twitter::700586855947829248/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::700586855947829248/c:line/m:interactions.svg)

- X Week XXXXXXX +681%
- X Months XXXXXXX +11,721%
- X Year XXXXXXX +195%

### Mentions: XX [#](/creator/twitter::700586855947829248/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::700586855947829248/c:line/m:posts_active.svg)


### Followers: XXXXXX [#](/creator/twitter::700586855947829248/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::700586855947829248/c:line/m:followers.svg)

- X Months XXXXXX +6.60%
- X Year XXXXXX +11%

### CreatorRank: XXXXXXX [#](/creator/twitter::700586855947829248/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::700586855947829248/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  [stocks](/list/stocks) 

**Social topic influence**
[nextjs](/topic/nextjs) #1, [llms](/topic/llms), [threshold](/topic/threshold), [visibility](/topic/visibility), [capabilities](/topic/capabilities), [cloudflare](/topic/cloudflare)

**Top accounts mentioned or mentioned by**
@sudhanshur705, @dinodaizovi, @pwntester, @alancarriou, @bugcrowd, @codingo, @sy1vi3, @gothburz, @ryancbarnett, @mrglaive, @bbt_retweet, @kalirsec

**Top assets mentioned**
[Cloudflare, Inc. (NET)](/topic/cloudflare)

### Top Social Posts
Top posts by engagements in the last XX hours

"#CVE-2025-55182: RSC RCE. It functions as an in-memory webshell backdoor, offering a significantly more covert foothold. Please verify this again on your own endpoint"  
[X Link](https://x.com/pyn3rd/status/1996840827897954542)  2025-12-05T07:15Z 14.3K followers, 50.5K engagements


"#CVE-2025-55182 React4Shell. How about Akamai WAF? Even more straightforward: toss a giant junk blob upfront and the parser taps out on sight. Bloody brute force. Go verify it on your own endpoint, again and again. Figure 1 shows the payload validity check. Figure 2 demonstrates the Akamai bypass"  
[X Link](https://x.com/pyn3rd/status/1997365282344677807)  2025-12-06T17:59Z 14.3K followers, 31.1K engagements


"And it turns out the PoC was fake; it was generated by LLMs. The surprising part is that the latest version can still be exploited, and the genuine vulnerability doesn't rely on constraints like child_process.exec or fs.writeFile. The details above are as cited by the researcher who originally discovered the vulnerability"  
[X Link](https://x.com/pyn3rd/status/1996458575175283186)  2025-12-04T05:56Z 14.3K followers, 68.3K engagements


"#CVE-2025-55182 #React2Shell Let me walk you through the technical path of the WAF bypass. When a request is sent as multipart/form-data, Next.js hands the raw body stream to Busboy. The bypass comes from Busboy's charset logic: it cleanly accepts UTF16LE (and legacy UCS2) and forwards the decoded bytes straight into the RSC payload deserializer. charset=base64 is a dead route; that path hits base64Slice(), which encodes instead of decodes, corrupting the payload and killing the exploit chain. So the only viable encodings for smuggling malicious RSC payloads past WAF normalization are UTF16LE and"  
[X Link](https://x.com/pyn3rd/status/1998425479284654420)  2025-12-09T16:12Z 14.3K followers, 55.4K engagements


"#CVE-2025-55182: RSC RCE. It operates as an in-memory webshell backdoor, providing a much more covert foothold. Please verify this on your own endpoint again"  
[X Link](https://x.com/pyn3rd/status/1996840041780527361)  2025-12-05T07:12Z 14.3K followers, XXX engagements


"(1/2) Thanks. There's a fundamental issue here. Akamai's default limit is XX KB, but customers typically have no visibility into the fact that oversized junk data can be used as a bypass technique. They only learn about it after an incident, and by then they're forced to adjust the rule manually. But even then, what should the new threshold be? 64 KB, X MB, or something even higher? Whatever value they choose, an attacker can simply increase the size of the junk blob and bypass it again"  
[X Link](https://x.com/pyn3rd/status/1997462160042324418)  2025-12-07T00:24Z 14.3K followers, 2271 engagements


"#React2Shell Someone asked which WAFs this bypass technique works on. AWS CloudFront would be one answer. AWS recommends a rule that, with a bit of analysis, shows you can bypass using UTF-16 encoding. Here's an official AWS link for more details:"  
[X Link](https://x.com/pyn3rd/status/1998734897800716776)  2025-12-10T12:41Z 14.3K followers, 26.8K engagements


"#CVE-2025-55182: Remote Code Execution in React Server Components via a Unicode-based WAF bypass"  
[X Link](https://x.com/pyn3rd/status/1996431921736519886)  2025-12-04T04:10Z 14.3K followers, 112.6K engagements


"#CVE-2025-55182: RSC RCE Full Unicode encoding can bypass certain WAFs that lack proper decoding or normalization capabilities. Please verify this on your end"  
[X Link](https://x.com/pyn3rd/status/1996788502386909539)  2025-12-05T03:47Z 14.3K followers, 56.4K engagements


"#CVE-2025-55182 Cloudflare bumped body-buffering limits from 128KB to 1MB to mitigate React2Shell, since RSC defaults to 1MB, though it can actually handle more. But what if it's not the default? Or the upstream isn't even an RSC service and accepts 1MB payloads? Attackers can still toss 1MB of junk data and slide past checks. Feels like patching the symptom, not the root cause. So the real question is: when the next X2Shell, X4Shell or whatever comes next drops, how are we supposed to defend against it"  
[X Link](https://x.com/pyn3rd/status/1997684821284495608)  2025-12-07T15:09Z 14.3K followers, 28.1K engagements


"The #React2Shell exploit bypassing WAF is clever, but let's not forget, the #JDBC attack story is far from over.😁"  
[X Link](https://x.com/pyn3rd/status/1998970403113546182)  2025-12-11T04:17Z 14.3K followers, 5477 engagements
