Technical Advisory: React2Shell Critical Unauthenticated RCE in React (CVE-2025-55182)
Do you all think it would be wise to make an announcement about this considering how many indie devs there are here?
https://www.tenable.com/blog/react2shell-cve-2025-55182-react-server-components-rce
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
This is a nasty one.
React2Shell RCE (CVE-2025-55182) Next.js (CVE-2025-66478) | Tenable®
React2Shell: A critical React flaw allowing unauthenticated RCE. Impacts include Next.js, React Router, and apps using Server Components.
wiz.io
React and Next.js are exposed to critical unauthenticated RCE via CVE-2025-55182 and CVE-2025-66478. Learn which versions are impacted and how to mitigate.