Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
hackread.com
Torrance, United States / California, December 12th, 2025, CyberNewsWire
In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple security vendors reported scanning activity and suspected exploitation attempts, and CISA has since added the flaw to its Known Exploited Vulnerabilities (KEV) catalog.
React2Shell is not tied to a specific framework; rather, it stems from a structural weakness in the RSC feature that affects the broader React ecosystem. This article examines the technical foundation of React2Shell, the exposure landscape of services using RSC, observed attacker activity, and the defensive strategies organizations should adopt.
React2Shell Vulnerability Overview: A Structural Flaw Allowing RCE Without Authentication
CVE-2025-55182 is caused by a validation flaw in the deserialization process of the Flight protocol, which React Server Components use to exchange state between the server and client. An attacker can achieve RCE simply ...
Copyright of this story solely belongs to hackread.com.

