CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation


Trend Micro researchers have previously published a blog on what organizations need to know about the actively exploited CVE-2025-55182, which is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components (RSC) used in React.js, Next.js, and related frameworks.

RSC is a modern architecture where UI components run on the server instead of the browser, reducing JavaScript sent to clients. RSC communicate between client and server using a serialization protocol called “React Flight.” This protocol enables streaming of complex data structures that mirror the React component tree, allowing UIs to render progressively while awaiting backend responses. The sum of which can be called the RSC payload. Think of it as an RPC-over-HTTP mechanism where clients send “chunks” of serialized data to Server Functions.

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump

    March 20, 2017

    Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7 cache of documents that revealed the existence ...