A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.
The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0 and has been codenamed React2shell.
It allows “unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints,” the React Team said in an alert issued today.
“Even if your app does not implement any React Server Function endpoints, it may still be vulnerable if your app supports React Server Components.”
According to cloud security firm Wiz, the issue is a case of logical deserialization that stems from processing RSC payloads in an unsafe manner. As a result, an unauthenticated attacker could craft a malicious HTTP request to any Server Function endpoint that, when deserialized by React, achieves execution of arbitrary JavaScript code on the server.

“The issue stems from unsafe handling of serialized payloads in the React Flight protocol,” software supply chain security company Aikido said. “Malformed or adversarial payloads can influence server-side execution in unintended ways. Patched React versions include stricter validation and hardened deserialization behavior.”
The vulnerability impacts versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following npm packages:
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack
It has been addressed in versions 19.0.1, 19.1.2, and 19.2.1. New Zealand-based security researcher Lachlan Davidson has been credited with discovering and reporting the flaw to Meta on November 29, 2025. The social media giant originally created and maintained the JavaScript library before moving it to the React Foundation in October 2025.
It’s worth noting that the vulnerability also affects Next.js using App Router. The issue has been assigned the CVE identifier CVE-2025-66478 (CVSS score: 10.0). It impacts versions >=14.3.0-canary.77, >=15, and >=16. Patched versions are 16.0.7, 15.5.7, 15.4.8, 15.3.6, 15.2.6, 15.1.9, and 15.0.5.
That said, any library that bundles RSC is likely to be affected by the flaw. This includes, but is not limited to, Vite RSC plugin, Parcel RSC plugin, React Router RSC preview, RedwoodJS, and Waku.
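A defender's first question is whether a given deployment pins one of the versions listed above. The following script is an added example (not code from the React or Next.js projects, and not part of the original article) that reads the `packages` map of a `package-lock.json` and flags the affected versions as the article lists them; any Next.js minor line the article does not name is treated as affected so it gets a manual look.

```javascript
// Added example: flag package-lock.json entries matching the versions the article lists as affected.
const RSC_PACKAGES = ['react-server-dom-webpack', 'react-server-dom-parcel', 'react-server-dom-turbopack'];
const RSC_AFFECTED = new Set(['19.0.0', '19.1.0', '19.1.1', '19.2.0']); // fixed: 19.0.1, 19.1.2, 19.2.1
// Next.js: first fixed patch release per minor line, as listed in the article.
const NEXT_FIXED = { '16.0': 7, '15.5': 7, '15.4': 8, '15.3': 6, '15.2': 6, '15.1': 9, '15.0': 5 };

function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  return m ? { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null } : null;
}

function isVulnerable(name, version) {
  const s = parseSemver(version);
  if (!s) return false;
  if (RSC_PACKAGES.includes(name)) {
    // Article lists 19.0, 19.1.0, 19.1.1 and 19.2.0; "19.0" is read as 19.0.0.
    return RSC_AFFECTED.has(`${s.major}.${s.minor}.${s.patch}`);
  }
  if (name !== 'next' || s.major < 14) return false;
  if (s.major === 14) {
    // ">=14.3.0-canary.77": 14.3 canaries numbered 77 or higher, and anything later in 14.x.
    if (s.minor !== 3) return s.minor > 3;
    if (s.patch > 0 || s.pre === null) return true;
    const c = /^canary\.(\d+)$/.exec(s.pre);
    return c ? +c[1] >= 77 : true;
  }
  // 15.x / 16.x: below the fixed patch of that minor line is affected; a prerelease of the
  // fixed version (e.g. 15.5.7-canary.1) sorts below it. Unlisted minor lines: assume affected.
  const fixed = NEXT_FIXED[`${s.major}.${s.minor}`];
  return fixed === undefined || s.patch < fixed || (s.patch === fixed && s.pre !== null);
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf('node_modules/');
    if (i < 0 || !info || !info.version) continue; // root entry or no version recorded
    const name = path.slice(i + 'node_modules/'.length);
    if (isVulnerable(name, info.version)) findings.push({ name, version: info.version });
  }
  return findings;
}

// Constructed sample lockfile fragment (not a real project's lockfile).
const SAMPLE_LOCK = { packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/next': { version: '15.5.6' },
  'node_modules/react': { version: '19.2.0' }, // react itself is not in the affected list
  'node_modules/react-server-dom-webpack': { version: '19.2.0' },
} };
console.log(scanLockfile(SAMPLE_LOCK)); // -> next 15.5.6, react-server-dom-webpack 19.2.0
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; a lockfile only shows what is installed, so verify the deployed bundle separately.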
Endor Labs, Miggo Security, and VulnCheck have all emphasized that no special setup is required to weaponize the flaw, adding that it can be exploited over HTTP without any login.
“An attacker needs only network access to send a crafted HTTP request to any Server Function endpoint,” Endor Labs said. “The vulnerability affects default framework configurations, meaning standard deployments are immediately exploitable without special conditions.”

Until patches can be applied, it’s recommended to deploy Web Application Firewall (WAF) rules if available, monitor HTTP traffic to Server Function endpoints for suspicious or malformed requests, and consider temporarily restricting network access to affected applications.
Web infrastructure provider Cloudflare said it has deployed a new safeguard in its cloud-based WAF solution to address CVE-2025-55182. It noted that all customers on free and paid plans are protected “as long as their React application traffic is proxied” through the service.
Wiz said 39% of cloud environments have instances vulnerable to CVE-2025-55182 and/or CVE-2025-66478. In light of the severity of the vulnerability, it’s advised that users apply the fixes as soon as possible for optimal protection.
Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said more than 968,000 servers running modern frameworks like React and Next.js have been identified, exposing a lucrative attack surface that’s ripe for exploitation.
“This newly discovered flaw is a critical threat because it is a master key exploit, succeeding not by crashing the system, but by abusing its trust in incoming data structures,” Moore said. “The system executes the malicious payload with the same reliability as legitimate code because it operates exactly as intended, but on malicious input.”
(The story was updated after publication to include additional insights.)