CVE-2025-55182: a deep dive into the React “React2Shell” vulnerability

TL;DR

  • What is it? CVE‑2025‑55182 is a critical remote code execution (RCE) vulnerability in the React Server Components (RSC) ecosystem. The bug is triggered when the server deserializes untrusted payloads received via the Flight protocol, letting an unauthenticated attacker execute arbitrary JavaScript on the server.
  • Who’s affected? Versions 19.0, 19.1.0, 19.1.1 and 19.2.0 of the react‑server‑dom‑webpack, react‑server‑dom‑parcel and react‑server‑dom‑turbopack packages are vulnerable. Frameworks such as Next.js, React Router, Waku, @parcel/rsc, @vitejs/plugin‑rsc and the Redwood SDK are also impacted.
  • How is it exploited? An attacker sends a crafted Flight request containing a malicious “Chunk” object. Because RSC trusts the incoming payload, it resolves the fake promise and eventually calls attacker‑controlled code, leading to arbitrary command execution on the server. No authentication or user interaction is required.
  • Has it been exploited? Public proof‑of‑concept (PoC) exploits were released within days of disclosure. Security researchers observed active scanning and exploitation attempts beginning on 3 December 2025, with hundreds of IP addresses probing vulnerable servers.
  • How bad is it? The CVSS score is 10.0, the highest possible score. Unpatched servers allow attackers to run arbitrary code, steal secrets and pivot into internal networks. Given React’s popularity, the potential blast radius is massive.
  • What to do? Upgrade immediately to the patched versions 19.0.1, 19.1.2 or 19.2.1 of the affected packages, and update downstream frameworks such as Next.js to the patched releases. Until patching, restrict external access to server functions, deploy WAF rules to block suspicious Flight requests and monitor for signs of compromise.

Background and vulnerability description

Identification and context

CVE‑2025‑55182 was publicly disclosed on 3 December 2025 following a private bug report on 29 November. The vulnerability affects React Server Components, a feature that allows developers to move data‑heavy logic from the client to the server to improve performance. When a client requests data, React serializes the component tree over a custom protocol called Flight. On the server side, React deserializes the Flight payload and executes the requested function. Versions 19.0 through 19.2.0 of the react‑server‑dom‑* packages unsafely trust and deserialize this payload, allowing arbitrary objects to be created and executed.

The vulnerability is sometimes called “React2Shell” because successful exploitation yields a shell on the server. Although the official Common Vulnerabilities and Exposures (CVE) entry is filed under React (CVE‑2025‑55182), Next.js assigned its own identifier (CVE‑2025‑66478) because the framework inherits the vulnerability through its RSC support.

Affected packages and frameworks

The core vulnerable packages include react‑server‑dom‑webpack, react‑server‑dom‑parcel and react‑server‑dom‑turbopack versions 19.0, 19.1.0, 19.1.1 and 19.2.0. These packages underpin many popular frameworks and bundlers. According to the official advisory and Datadog’s analysis, frameworks such as Next.js (versions 15.x and 16.x), React Router, Waku, @parcel/rsc, @vitejs/plugin‑rsc and the Redwood SDK embed the vulnerable code. Even apps that do not implement custom server functions may be affected because the vulnerable code is included transitively.

Severity and metrics

The Common Vulnerability Scoring System (CVSS) score assigned by Meta (React’s maintainer) is 10.0 (Critical). The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) reflects that the attack can be executed over the network (AV:N) with low complexity (AC:L), requires no privileges (PR:N) or user interaction (UI:N), crosses a security boundary (S:C), and has high impact on confidentiality, integrity and availability (C:H/I:H/A:H). The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, underscoring its severity.

How the exploit works

Insecure deserialization and prototype pollution

At its core, CVE‑2025‑55182 is an unsafe deserialization flaw. React’s server handler accepts serialized Chunk objects and resolves them as JavaScript promises. OffSec researchers explain that because React fails to validate the structure of the incoming object, an attacker can craft a malicious “Chunk” with a custom then() method. When React attempts to resolve the promise, it invokes the attacker‑controlled then() function, giving the attacker access to internal request state. By modifying internal objects, the attacker can invoke arbitrary server functions and execute system commands.

Datadog’s patch analysis shows that the root cause is a type of server‑side prototype pollution. Affected versions of React expose internal properties to attacker‑controlled data; when combined with execution paths in the React Server Components implementation, this leads to remote code execution.
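The mechanism described above rests on ordinary JavaScript promise semantics: awaiting (or `Promise.resolve`-ing) any value whose `then` member is callable hands control to that `then`. The following is an added illustration, not React's code and not taken from the page or from any of the analyses it cites. It contrasts a resolver that awaits whatever a decoder produced with one that first checks the value is plain JSON-like data with no `then` member anywhere in the tree. The `thenable` object is a constructed stand-in for what a vulnerable decoder might build; the function names are assumptions for this demo.

```javascript
// Added illustration, not code from React or from the page: promise
// assimilation calls any callable "then" of an awaited value, so a
// deserializer that resolves decoded objects as promises hands control to
// whoever shaped that object. The hardened variant validates shape first.

// Naive resolver: whatever the decoder produced is awaited as-is.
async function resolveUntrusted(decoded) {
  // `await` invokes decoded.then(resolve, reject) when "then" is callable.
  return await decoded;
}

// Accept only JSON-like data: null, primitives, plain objects and arrays,
// with no "then" member (own or inherited) anywhere in the tree.
function isPlainData(value) {
  if (value === null || typeof value !== 'object') {
    return typeof value !== 'function';
  }
  const proto = Object.getPrototypeOf(value);
  if (proto !== Object.prototype && proto !== Array.prototype && proto !== null) {
    return false; // class instances, Maps, Dates, Promises, ...
  }
  if ('then' in value) return false; // thenable, or shaped to look like one
  return Object.values(value).every(isPlainData);
}

// Hardened resolver: refuse anything that is not plain data before it can be
// treated as a promise.
async function resolveValidated(decoded) {
  if (!isPlainData(decoded)) {
    throw new TypeError('refusing to resolve a non-plain or thenable payload');
  }
  return decoded;
}

// Demonstration: a constructed stand-in for an object a vulnerable decoder
// might build, carrying a "then" the server never intended to run. Returns
// a promise for the log of what happened on each path.
function demo() {
  const log = [];
  const thenable = {
    then(resolve) {
      log.push('attacker-supplied then() executed inside the server');
      resolve('done');
    },
  };
  return resolveUntrusted(thenable)
    .then((v) => log.push(`naive path resolved with ${v}`))
    .then(() => resolveValidated(thenable).catch((e) => log.push(`validated path: ${e.message}`)))
    .then(() => log);
}

demo().then((log) => log.forEach((line) => console.log(line)));
```

The check is deliberately structural rather than value-based: it rejects by prototype and by the presence of a `then` key, so a `JSON.parse` result such as `{"then": 1}` is refused as well, which closes the door on later code paths that might wrap such an object into a live thenable.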

Attack chain and proof‑of‑concepts

The exploitation steps are straightforward:

  1. Find an exposed server endpoint – The attacker identifies a vulnerable application that supports React Server Components or a framework that embeds the vulnerable packages. Because the attack is unauthenticated and does not require user interaction, any internet‑facing server using RSC is a potential target.
  2. Craft a malicious Flight payload – Using tools such as react2shell or publicly available scripts, the attacker creates a Flight request containing a fake Chunk object with a custom then() method. The payload also includes a _response property that sets up a command to run on the server (e.g., child_process.execSync('touch /tmp/pwned')).
  3. Send the request – The attacker sends the crafted HTTP POST request to the vulnerable server. When React deserializes the object, it executes the then() method and runs the embedded command. Because the process runs with the privileges of the Node.js server, this often means full system compromise.
  4. Pivot and persist – Once code execution is achieved, attackers can download malware, steal secrets, create persistent backdoors or move laterally within the network. Datadog observed payloads that downloaded remote scripts, exfiltrated environment variables or created new user accounts.

Public PoCs were released within hours of disclosure. Datadog noted that the first non‑functional PoC was quickly replaced by weaponized versions, and scanning activity spiked shortly after. OffSec’s analysis also demonstrates how a malicious payload can create files on disk or execute arbitrary commands.

Potential impact and costs

Technical and operational impact

Successful exploitation yields full remote code execution on the server. Attackers can read files, exfiltrate databases, deploy ransomware or use the server as a launchpad for further attacks. Since React is used in a wide range of web applications and frameworks, the population of vulnerable systems is large. Akamai’s executive summary warns that insecure deserialization makes the bug trivial to exploit and that prototype pollution can be escalated to RCE.

Business impact and breach costs

While no publicly confirmed data breaches have been attributed to CVE‑2025‑55182 yet, the financial consequences of any major RCE vulnerability can be severe. IBM’s Cost of a Data Breach Report 2024 found that the average breach cost climbed to USD 4.88 million in 2024, a 10 % increase over 2023. Costs include incident response, regulatory fines, legal fees, customer notification and reputational damage. Ransomware deployments and prolonged downtime can further inflate losses.

In environments where React Server Components support critical services (e.g., corporate dashboards, content management systems or internal tools), an RCE can disrupt operations and lead to cascading failures. Attackers may also harvest credentials or secrets from environment variables, allowing them to pivot into cloud services or other applications.

Real‑world activity

Datadog observed active scanning and exploitation attempts within days of disclosure. Their telemetry recorded more than 800 IP addresses probing at least two organizations by 5 December 2025. Although some scanning may come from security researchers, the existence of weaponized payloads indicates that serious threat actors are interested. Akamai reports no confirmed widespread exploitation yet but notes that they deployed emergency rules to their Web Application Firewall (WAF) customers as a precaution.

Patching and mitigation

Vendor patches

The React team released patches concurrently with the disclosure. Fixed versions are 19.0.1, 19.1.2 and 19.2.1. Next.js released patched versions 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7 and 16.0.7. Similar upgrades are available for React Router, Waku, @parcel/rsc, @vitejs/plugin‑rsc and the Redwood SDK. If you maintain a package lock, run npm audit to identify and upgrade vulnerable dependencies.

Patching process

  1. Inventory – Identify all applications that use React Server Components, directly or indirectly. Check package manifests (package.json) for the vulnerable packages or rely on software composition analysis tools.
  2. Upgrade – Update to one of the patched versions listed above. For Next.js applications, upgrade the Next.js runtime and rebuild/redeploy the app. Ensure that all server environments (development, staging and production) are patched.
  3. Test and monitor – After upgrading, test your application to ensure compatibility. Monitor for any errors related to server functions. Because this bug affects server‑side behavior, pay attention to backend logs and performance.
  4. Review access controls – Until patching is complete, restrict internet access to endpoints that process Flight requests. Use a VPN or IP allow‑list to limit exposure. Temporarily disabling server components may be a viable workaround for some apps.

Detection of vulnerable servers and exploit attempts

Identify vulnerable systems: Use vulnerability scanners like Tenable Nessus, Qualys VMDR or Rapid7 InsightVM. Most scanners now include plugins for CVE‑2025‑55182. You can also run npm audit or manually check the versions of the react‑server‑dom‑* packages in your dependency tree.
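For the Inventory step of the patching process and the manual dependency check just described, the following added script (not tooling from React, Next.js or npm, and not from the page) walks an npm package-lock.json, finds every installed copy of the three react‑server‑dom‑* packages the advisory names, including transitive copies nested under a framework, and classifies each version against the vulnerable and fixed lists given on this page. Assumptions: the advisory's "19.0" is treated as 19.0.0, canary or other prerelease builds are flagged for manual review because the page does not cover them, and the sample lockfile is constructed for the demo.

```javascript
// Added example, not React's, Next.js's or npm's own tooling: audit a
// package-lock.json for the react-server-dom-* packages named in the advisory.

const AFFECTED_PACKAGES = new Set([
  'react-server-dom-webpack',
  'react-server-dom-parcel',
  'react-server-dom-turbopack',
]);

// Versions listed as vulnerable on the page ("19.0" assumed to mean 19.0.0)
// and the fixed releases it names.
const VULNERABLE_VERSIONS = new Set(['19.0.0', '19.1.0', '19.1.1', '19.2.0']);
const PATCHED_VERSIONS = new Set(['19.0.1', '19.1.2', '19.2.1']);

function classifyVersion(version) {
  if (!version) return 'review';
  if (VULNERABLE_VERSIONS.has(version)) return 'vulnerable';
  if (PATCHED_VERSIONS.has(version)) return 'patched';
  // Prerelease/canary builds are outside the advisory's list: check by hand.
  if (version.includes('-')) return 'review';
  return 'not-listed';
}

// Handles lockfileVersion 2/3 ("packages" keyed by install path) and
// lockfileVersion 1 ("dependencies" nested per package). One finding is
// produced per install location, so nested transitive copies are not missed.
function auditLockfile(lock) {
  const findings = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      const name = path.split('node_modules/').pop(); // keeps scoped names intact
      if (AFFECTED_PACKAGES.has(name)) {
        findings.push({ path, name, version: entry.version, status: classifyVersion(entry.version) });
      }
    }
  } else if (lock.dependencies) {
    walkV1(lock.dependencies, 'node_modules', findings);
  }
  return findings;
}

function walkV1(deps, prefix, findings) {
  for (const [name, entry] of Object.entries(deps)) {
    const path = `${prefix}/${name}`;
    if (AFFECTED_PACKAGES.has(name)) {
      findings.push({ path, name, version: entry.version, status: classifyVersion(entry.version) });
    }
    if (entry.dependencies) walkV1(entry.dependencies, `${path}/node_modules`, findings);
  }
}

// Constructed sample (lockfileVersion 3): one patched direct copy and one
// vulnerable copy nested under a framework package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app' },
    'node_modules/react-server-dom-webpack': { version: '19.2.1' },
    'node_modules/next': { version: '15.0.0-sample' },
    'node_modules/next/node_modules/react-server-dom-turbopack': { version: '19.2.0' },
  },
};

function main() {
  const file = process.argv[2]; // optional path to a real package-lock.json
  const lock = file ? JSON.parse(require('fs').readFileSync(file, 'utf8')) : SAMPLE_LOCK;
  const findings = auditLockfile(lock);
  for (const f of findings) console.log(`${f.status.padEnd(10)} ${f.version}  ${f.path}`);
  if (findings.some((f) => f.status === 'vulnerable')) process.exitCode = 1;
}

if (typeof require !== 'undefined' && require.main === module) main();
```

Run it as `node audit-rsc.js path/to/package-lock.json`; it exits non-zero when any vulnerable copy is present so it can gate a CI job. Classification is by exact version string against the page's lists, which is deliberate: a range comparison would silently judge versions the advisory does not mention.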

Detect exploitation attempts: Implement WAF rules that inspect POST requests to your server functions. Akamai suggests blocking or alerting on suspicious Flight requests and looking for base64‑encoded payloads. In many PoCs, the malicious payload is sent via multipart/form‑data, so filtering on unusual multipart boundaries or parameters like $ACTION_0:0 may help.

Use a Security Information and Event Management (SIEM) system to correlate HTTP requests with backend errors. Unexpected crashes or log messages from React server functions immediately after a Flight request may indicate an attempted exploit. Endpoint Detection and Response (EDR) tools should monitor Node.js processes for unusual child processes (e.g., cmd.exe, bash or wget).

Monitor exploitation patterns: Datadog noted that early payloads attempted to create files (e.g., touch /tmp/rce_poc) or run benign commands, while later weaponized payloads downloaded remote scripts or exfiltrated secrets. Watch for outbound network connections to unfamiliar domains or IP addresses and for environment variables being exfiltrated.
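The EDR guidance above (Node.js spawning cmd.exe, bash or wget) and the outbound-connection pattern just described can be expressed as one small detection. The following is an added example, not a rule from Datadog, Akamai or any EDR vendor: it runs over constructed endpoint telemetry and flags a shell or download tool started by a Node.js process or by any descendant of one (so a `node → sh → curl` chain is caught at both hops), and an outbound connection from that process tree to a destination outside an allow-list. The event shape, field names, image names, allow-list and sample events are all assumptions for this demo.

```javascript
// Added example, not a vendor rule: detect a Node.js server process tree
// spawning a shell/downloader or connecting to an unlisted destination.

const NODE_IMAGES = new Set(['node', 'node.exe']);
const SUSPICIOUS_CHILDREN = new Set([
  'sh', 'bash', 'dash', 'zsh', 'cmd.exe', 'powershell.exe', 'wget', 'curl',
]);
// Destinations the application is known to talk to (constructed for the demo).
const ALLOWED_DESTINATIONS = new Set(['db.internal', 'cache.internal']);

function baseName(image) {
  return String(image).split(/[\\/]/).pop().toLowerCase();
}

// events: telemetry records sorted by time. Shapes assumed here:
//   { type: 'process_start', host, pid, parent_pid, image, parent_image }
//   { type: 'net_connect',   host, pid, image, dest_host, dest_port }
function detect(events) {
  const alerts = [];
  const nodeLineage = new Set(); // host:pid of processes descended from node
  const key = (host, pid) => `${host}:${pid}`;

  for (const ev of events) {
    if (ev.type === 'process_start') {
      const child = baseName(ev.image);
      const parentIsNode = NODE_IMAGES.has(baseName(ev.parent_image));
      const inLineage = parentIsNode || nodeLineage.has(key(ev.host, ev.parent_pid));
      if (NODE_IMAGES.has(child) || inLineage) nodeLineage.add(key(ev.host, ev.pid));
      if (inLineage && SUSPICIOUS_CHILDREN.has(child)) {
        alerts.push({
          rule: 'node-lineage-spawned-shell-or-downloader',
          host: ev.host,
          pid: ev.pid,
          detail: `${baseName(ev.parent_image)} (pid ${ev.parent_pid}) started ${child}`,
        });
      }
    } else if (ev.type === 'net_connect') {
      const fromNodeTree = NODE_IMAGES.has(baseName(ev.image)) || nodeLineage.has(key(ev.host, ev.pid));
      if (fromNodeTree && !ALLOWED_DESTINATIONS.has(ev.dest_host)) {
        alerts.push({
          rule: 'node-lineage-outbound-to-unlisted-destination',
          host: ev.host,
          pid: ev.pid,
          detail: `${baseName(ev.image)} connected to ${ev.dest_host}:${ev.dest_port}`,
        });
      }
    }
  }
  return alerts;
}

// Constructed telemetry: the Node.js server talks to its database, then
// spawns sh, which runs curl to an unknown host; a cron-started sh on the
// same box is unrelated noise and must not alert.
const SAMPLE_EVENTS = [
  { type: 'process_start', host: 'web-1', pid: 100, parent_pid: 1, image: '/usr/bin/node', parent_image: '/sbin/init' },
  { type: 'net_connect', host: 'web-1', pid: 100, image: '/usr/bin/node', dest_host: 'db.internal', dest_port: 5432 },
  { type: 'process_start', host: 'web-1', pid: 200, parent_pid: 100, image: '/bin/sh', parent_image: '/usr/bin/node' },
  { type: 'process_start', host: 'web-1', pid: 201, parent_pid: 200, image: '/usr/bin/curl', parent_image: '/bin/sh' },
  { type: 'net_connect', host: 'web-1', pid: 201, image: '/usr/bin/curl', dest_host: 'payload.example', dest_port: 443 },
  { type: 'process_start', host: 'web-1', pid: 300, parent_pid: 50, image: '/bin/sh', parent_image: '/usr/sbin/cron' },
];

function main() {
  for (const a of detect(SAMPLE_EVENTS)) {
    console.log(`[${a.rule}] ${a.host} pid ${a.pid}: ${a.detail}`);
  }
}

main();
```

Tune the two lists to a baseline before deploying: build steps or image-processing helpers legitimately shell out from Node, and the destination allow-list should come from observed traffic of a known-good deployment. Tracking lineage by host-qualified pid rather than by image name is what keeps the `sh → curl` hop attributable to the server process.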

Additional considerations and best practices

  1. Least privilege: Run your Node.js and framework processes under non‑administrative accounts. Limiting privileges reduces the blast radius of an RCE.
  2. Input validation: Even though React’s core code is patched, consider performing additional validation of serialized data at the framework level. Never deserialize untrusted data without verifying its structure.
  3. Defense‑in‑depth: Employ layered security controls (WAF, API gateways, runtime application self‑protection) to detect anomalies. Keep dependencies up to date and monitor vulnerability feeds.
  4. Incident response: Develop a plan to isolate and rebuild servers if exploitation is suspected. Have log retention and forensic procedures in place to determine the scope of a breach.
  5. Stay informed: The React team, security researchers and vendors regularly update advisories. Monitor official channels (React blog, GitHub advisories, CISA) to track any secondary issues or bypasses.

Conclusion

CVE‑2025‑55182 demonstrates how complex serialization protocols can introduce devastating vulnerabilities when input validation is insufficient. By abusing a deserialization flaw in the Flight protocol, attackers can achieve unauthenticated remote code execution in popular JavaScript frameworks and downstream applications. While the vulnerability is serious, the risk can be mitigated through prompt patching, careful monitoring and good security hygiene.
