top of page

Critical React, Next.js flaw lets hackers execute code on servers

4 december 2025 om 15:11:54

bleepingcomputer.com

A critical vulnerability dubbed 'React2Shell' affects React Server Components (RSC) 'Flight' protocol in React and Next.js applications. The maximum severity flaw allows remote code execution without authentication. The vulnerability impacts the server-side rendering components and could allow attackers to execute arbitrary JavaScript code on servers running affected applications. This represents a significant threat to web applications built with these popular JavaScript frameworks.

Related links:

https://www.bleepingcomputer.com/news/security/critical-react2shell-flaw-in-react-nextjs-lets-hackers-run-javascript-code/

Related CVE's:

No CVEs found in this article

Related threat actors:

No threat actors found in this article

Affected products:

ReactNext.js

IOC's:

No IOCs found in this article

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page