HomeCritical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code ExecutionUncategorizedCritical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. […]

December 4, 2025
Uncategorized
1 min read

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.
The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. The vulnerability has been codenamed React2shell.
It allows “unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact Us
This is a staging environment