


Perceptive Security
SOC/SIEM Consultancy

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
Published: 15 December 2025 at 19:35:00
Alert date: 15 December 2025 at 22:01:46
Source: microsoft.com
CVE-2025-55182, also known as React2Shell, is a critical pre-authentication remote code execution vulnerability affecting React Server Components and related frameworks. It also covers CVE-2025-66478, which was merged into CVE-2025-55182. Because it allows attackers to execute code remotely without authentication, it represents a significant security risk. Microsoft has published guidance on defending against this vulnerability. React Server Components are widely used in modern web applications, so organizations using React-based frameworks should prioritize patching and implementing defensive measures.
Technical details
Affected products:
React Server Components
Related links:
https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components/
https://www.microsoft.com/en-us/security/blog
This article was created with the assistance of AI technology by Perceptive.
