Remote Code Execution Vulnerability in React Server Components by Meta
CVE-2025-55182
Key Information:
- Vendor
Meta
- Vendor
- CVE Published:
- 3 December 2025
Badges
What is CVE-2025-55182?
CVE-2025-55182 refers to a serious remote code execution vulnerability found in the React Server Components developed by Meta. This vulnerability affects specific versions of React Server Components (19.0.0, 19.1.0, 19.1.1, and 19.2.0) along with associated packages such as react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The core issue lies in the insecure handling of payloads during the deserialization process from HTTP requests directed at Server Function endpoints. This flaw poses a significant risk, as it allows an attacker to potentially execute malicious code on the server without needing prior authentication, which could severely compromise the security and integrity of applications utilizing these components.
Potential Impact of CVE-2025-55182
-
Unauthorized Remote Code Execution: The vulnerability enables attackers to execute arbitrary code on the server hosting the affected components. This can lead to unauthorized access to sensitive data, manipulation of application logic, and control over the server environment.
-
Compromise of Application Integrity: Successful exploitation may allow adversaries to alter the application's behavior, insert malicious code, or create backdoors for future access. This not only jeopardizes the application's integrity but can also degrade user trust and damage the organization's reputation.
-
Wider System Vulnerabilities: Once an attacker gains a foothold through this vulnerability, they can potentially pivot to other systems within the organization's network, leading to a broader compromise. This could facilitate further malicious activities, including data breaches or launching additional attacks on other infrastructure components.
CISA has reported CVE-2025-55182
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-55182 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
react-server-dom-parcel 19.0.0
react-server-dom-parcel 19.1.0 <= 19.1.1
react-server-dom-parcel 19.2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
React2Shell flaw (CVE-2025-55182) exploited for remote code execution
The availability of exploit code will likely lead to more widespread opportunistic attacks
1 day ago
Cyber Security NewsCVE-2025-55182Hackers Launched 8.1 Million Attack Sessions to React2Shell Vulnerability
The React2Shell vulnerability (CVE-2025-55182) continues to face a relentless exploitation campaign, with threat actors launching more than 8.1 million attack sessions since its initial disclosure.
1 week ago
gbhackers.comCVE-2025-55182React2Shell Vulnerability Hit by 8.1 Million Attack Attempts
The React Server Components (RSC) "Flight" protocol remote code execution vulnerability, tracked as CVE-2025-55182 and publicly referred to as "React2Shell,"
1 week ago
References
EPSS Score
55% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 🟡
Public PoC available
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 📰
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved