[oss-security] React2Shell (CVE-2025-55182/CVE-2025-66478)

Thu, 04 Dec 2025 09:51:22 -0800 

A new RCE dropped last night -- React2Shell
(CVE-2025-55182/CVE-2025-66478).  The vulnerabilities kicked-off a
fire drill at $dayjob.

More reading at:

* CVE-2025-55182,
<https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components>
* CVE-2025-66478,
<https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp>

Reply via email to