Remote Code Execution Vulnerability in React Server Components by Meta
CVE-2025-55182
Key Information:
- Vendor
Meta
- Vendor
- CVE Published:
- 3 December 2025
Badges
What is CVE-2025-55182?
CVE-2025-55182 refers to a serious remote code execution vulnerability found in the React Server Components developed by Meta. This vulnerability affects specific versions of React Server Components (19.0.0, 19.1.0, 19.1.1, and 19.2.0) along with associated packages such as react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The core issue lies in the insecure handling of payloads during the deserialization process from HTTP requests directed at Server Function endpoints. This flaw poses a significant risk, as it allows an attacker to potentially execute malicious code on the server without needing prior authentication, which could severely compromise the security and integrity of applications utilizing these components.
Potential Impact of CVE-2025-55182
-
Unauthorized Remote Code Execution: The vulnerability enables attackers to execute arbitrary code on the server hosting the affected components. This can lead to unauthorized access to sensitive data, manipulation of application logic, and control over the server environment.
-
Compromise of Application Integrity: Successful exploitation may allow adversaries to alter the application's behavior, insert malicious code, or create backdoors for future access. This not only jeopardizes the application's integrity but can also degrade user trust and damage the organization's reputation.
-
Wider System Vulnerabilities: Once an attacker gains a foothold through this vulnerability, they can potentially pivot to other systems within the organization's network, leading to a broader compromise. This could facilitate further malicious activities, including data breaches or launching additional attacks on other infrastructure components.
CISA has reported CVE-2025-55182
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-55182 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
react-server-dom-parcel 19.0.0
react-server-dom-parcel 19.1.0 <= 19.1.1
react-server-dom-parcel 19.2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
React2Shell ransomware: Weaxor deployed on vulnerable server
Attackers deployed Weaxor ransomware less than a minute after initial access.
3 days ago
CVE-2025-55182: Initial Analysis of React2Shell Exploitations | Bitsight
CVE-2025-55182 (React2Shell) was exploited within 48 hours. Read our initial findings on attack patterns, payloads, and botnets targeting this RCE vuln.
4 days ago
HackreadCVE-2025-55182Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution...
1 week ago
References
EPSS Score
46% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 🟡
Public PoC available
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 📰
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved