CVE-2025-55182: Frequently Asked Questions About React2Shell: React Server Components Remote Code Execution Vulnerability
www.tenable.com
React2Shell: A critical React flaw allowing unauthenticated RCE. Impacts include Next.js, React Router, and apps using Server Components.

I got an email from Vercel urging to upgrade Next.js based project 3 days ago. POC was published 2 days ago. Today I’ve checked my logs and I could already see attack attempts.

  • TrumpetX@programming.devEnglish
    7·
    1 day ago

    We were very lucky that our usage was on the literal version before the affected version. Dodged a bullet.