🔴 CVE-2025-55182

Critical pre-authentication remote code execution vulnerability in React Server Components allowing arbitrary code execution through unsafe deserialization of HTTP requests. Multiple threat actors are actively exploiting this vulnerability against internet-facing React applications.

โ† Back to Overview
Risk Level: HIGH_RISK
MITRE Technique: T1190
CVSS Score: 10.0
Attack Vector: NETWORK
Deployment Risk: VERY_HIGH

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-12-03

Added to CISA KEV: 2025-12-05 (2 days between CVE publication and KEV listing)

🎯 Recommendations:

๐Ÿ” Web Intelligence

Key Sources:

  • GitHub - Spritualkb/CVE-2025-55182-exp: CVE-2025-55182 React...

    CVE-2025-55182 is a critical Remote Code Execution (RCE) vulnerability in React Server Components (RSC) affecting Next.js applications using App Router with Server Actions. The vulnerability exists in the Flight protocol deserialization process, allowing attackers to achieve arbitrary code execution through prototype pollution.

  • CVE-2025-55182 Attack Analysis: React Server Components RCE - GitHub

    Executive Summary On December 5, 2025, our production Next.js application was targeted by attackers exploiting CVE-2025-55182 (React2Shell), a critical Remote Code Execution vulnerability in React Server Components. The attack attempted to download and execute a Linux backdoor trojan on our server.

  • Dangerous RCE Flaw in React, Next.js Threatens Cloud Environments ...

    Google wrote that it rolled out a new rule for its Cloud Armor web application firewall created to detect and block CVE-2025-55182-related exploitation attempts. Available now, it aims to protect internet-facing applications and services that use global or regional application load balancers.

  • CVE-2025-55182: RCE in React Server Components

    AWS is aware of the recently disclosed CVE-2025-55182 which affects the React Server Flight protocol in React versions 19.0, 19.1, and 19.2, as well as in Next.js versions 15.x, 16.x, Next.js 14.3.0-canary.77 and later canary releases when using App Router. This issue may permit unauthorized remote code execution (RCE) on affected application servers.

  • Protect against React RSC CVE-2025-55182 with Azure Web Application ...

    On December 3, 2025, the React team disclosed a critical remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. The vulnerability allows an unauthenticated attacker to send a specially crafted request to an RSC “Server Function” endpoint and potentially execute arbitrary code on the server.