A critical 10.0 severity vulnerability, CVE-2025-55182, has been discovered in ReactJS Server Components, allowing unauthenticated remote code execution. Dubbed 'React2Shell', this exploit poses an immediate and severe threat to millions of modern React applications, including those built with frameworks like Next.js.
A critical remote code execution flaw, dubbed 'React to Shell,' has been disclosed, enabling full machine control in applications utilizing React Server Components. Scoring a maximum 10 on the CVSS scale, immediate patching is imperative for all affected frameworks.
A severe Remote Code Execution (RCE) vulnerability, scoring 10 on the CVSS scale, has been publicly disclosed in React Server Components, impacting a wide range of applications. Developers are strongly advised to update immediately to patched versions.