Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

Published: 3 December 2025 at 18:19:00

Alert date: 5 December 2025 at 08:03:22

Source: thehackernews.com

A critical vulnerability tracked as CVE-2025-55182 (React2shell) has been discovered in React Server Components (RSC) that affects both React and Next.js applications. The flaw carries a maximum CVSS score of 10.0 and allows unauthenticated remote code execution by exploiting how React decodes payloads sent to React Server Components. This vulnerability poses a severe threat to applications using RSC technology and requires immediate attention from developers and security teams.

Affected products:

React Server Components
React
Next.js

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.