Remote Code Execution Vulnerability in React Server Components by Meta
CVE-2025-55182
Key Information:
- Vendor
Meta
- Vendor
- CVE Published:
- 3 December 2025
Badges
What is CVE-2025-55182?
CVE-2025-55182 refers to a serious remote code execution vulnerability found in the React Server Components developed by Meta. This vulnerability affects specific versions of React Server Components (19.0.0, 19.1.0, 19.1.1, and 19.2.0) along with associated packages such as react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The core issue lies in the insecure handling of payloads during the deserialization process from HTTP requests directed at Server Function endpoints. This flaw poses a significant risk, as it allows an attacker to potentially execute malicious code on the server without needing prior authentication, which could severely compromise the security and integrity of applications utilizing these components.
Potential Impact of CVE-2025-55182
-
Unauthorized Remote Code Execution: The vulnerability enables attackers to execute arbitrary code on the server hosting the affected components. This can lead to unauthorized access to sensitive data, manipulation of application logic, and control over the server environment.
-
Compromise of Application Integrity: Successful exploitation may allow adversaries to alter the application's behavior, insert malicious code, or create backdoors for future access. This not only jeopardizes the application's integrity but can also degrade user trust and damage the organization's reputation.
-
Wider System Vulnerabilities: Once an attacker gains a foothold through this vulnerability, they can potentially pivot to other systems within the organization's network, leading to a broader compromise. This could facilitate further malicious activities, including data breaches or launching additional attacks on other infrastructure components.
CISA has reported CVE-2025-55182
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-55182 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
react-server-dom-parcel 19.0.0 <= 19.2.0
react-server-dom-turbopack 19.0.0 <= 19.2.0
react-server-dom-webpack 19.0.0 <= 19.2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
BitdefenderCVE-2025-55182Technical Advisory: React2Shell Critical Unauthenticated RCE in React (CVE-2025-55182)
TL;DR Ransomware groups are expected to rapidly weaponize this critical (CVSS 10.
5 hours ago
The Hacker NewsCVE-2025-55182React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
Critical React Server Components flaw (CVE-2025-55182) fuels automated attacks dropping miners and multiple new Linux malware families.
17 hours ago
The Hacker NewsCVE-2025-55182North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
North Korea-linked attackers exploit CVE-2025-55182 to deploy EtherRAT, a smart-contract-based RAT with multi-stage persistence.
2 days ago
References
EPSS Score
77% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 🟡
Public PoC available
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 📰
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved