Critical React, Next.js flaw lets hackers execute code on servers

Published:

4 December 2025 at 15:11:54

Alert date:

5 December 2025 at 08:03:23

Source:

bleepingcomputer.com

A critical vulnerability dubbed 'React2Shell' affects the React Server Components (RSC) Flight protocol in React and Next.js applications. The maximum-severity flaw allows remote code execution without authentication. It exists in the server-side rendering components, and attackers can exploit it to execute arbitrary JavaScript code on vulnerable servers. Applications built with the React and Next.js frameworks that use React Server Components are affected. The flaw represents a significant security risk for web applications using these popular JavaScript frameworks.

Technical details

Mitigation steps:

Affected products:

React
Next.js
React Server Components

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.