Detections
Analytics
CVE-2025-55182
critical
Description
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
References
https://www.bitsight.com/blog/rondodox-botnet-infrastructure-analysis
https://www.infosecurity-magazine.com/news/cloud-attackers-prefer-exploits/
https://www.helpnetsecurity.com/2026/02/25/edge-infrastructure-attacks-internet-wide-exploitation/
https://thehackernews.com/2026/02/wormable-xmrig-campaign-uses-byovd.html
https://www.databreachtoday.com/ai-generated-malware-exploits-react2shell-for-tiny-profit-a-30734
https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html
https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html
https://www.securityweek.com/cryptominers-reverse-shells-dropped-in-recent-react2shell-attacks/
https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates
https://www.infosecurity-magazine.com/news/rondodox-botnet-targets-hpe/
https://www.labs.greynoise.io/grimoire/2026-01-10-weekly-oast-report/
https://cyberscoop.com/vercel-cto-security-react2shell-vulnerability/
https://www.securityweek.com/rondodox-botnet-exploiting-react2shell-vulnerability/
https://www.databreachtoday.com/rondodox-botnet-exploiting-devices-react2shell-flaw-a-30436
https://thehackernews.com/2026/01/rondodox-botnet-exploits-critical.html
https://www.helpnetsecurity.com/2025/12/18/miggo-research-waf-vulnerability-bypass/
https://thehackernews.com/2025/12/react2shell-vulnerability-actively.html
https://isc.sans.edu/diary/rss/32572
https://www.theregister.com/2025/12/12/vulnerable_react_instances_unpatched/
https://www.theregister.com/2025/12/12/new_react_secretleak_bugs/
https://www.darkreading.com/threat-intelligence/react2shell-exploits-flood-internet-attacks-continue
https://thehackernews.com/2025/12/new-react-rsc-vulnerabilities-enable.html
https://www.securityweek.com/wide-range-of-malware-delivered-in-react2shell-attacks/
https://securelist.com/cve-2025-55182-exploitation/118331/
https://www.securityweek.com/react2shell-attacks-linked-to-north-korean-hackers/
https://www.infosecurity-magazine.com/news/react2shell-exploit-campaigns/
https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell
https://www.bitdefender.com/en-us/blog/labs/cve-2025-55182-exploitation-hits-the-smart-home
https://thehackernews.com/2025/12/north-korea-linked-actors-exploit.html
https://therecord.media/researchers-track-dozens-react2shell-vuln
Details
Published: 2025-12-03
Updated: 2025-12-06
Named Vulnerability: React2ShellKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 10
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: Critical
EPSS
EPSS: 0.65077
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest