CVE-2025-66478

No Score

Description

Rejected reason: This CVE is a duplicate of CVE-2025-55182.

References

https://thehackernews.com/2025/12/react2shell-vulnerability-actively.html

https://nextjs.org/blog/security-update-2025-12-11

https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell

https://www.databreachtoday.com/exploit-attempts-surge-for-react2shell-a-30219

https://www.infosecurity-magazine.com/news/reactjs-hit-by-react2shell/

https://www.databreachtoday.com/chinese-nation-state-groups-tied-to-react2shell-targeting-a-30201

https://www.darkreading.com/vulnerabilities-threats/react2shell-under-attack-china-nexus-groups

https://www.bleepingcomputer.com/news/security/react2shell-critical-flaw-actively-exploited-in-china-linked-attacks/

https://cyberscoop.com/attackers-exploit-react-server-vulnerability/

https://www.helpnetsecurity.com/2025/12/04/react-node-js-vulnerability-cve-2025-55182/

https://www.bleepingcomputer.com/news/security/critical-react2shell-flaw-in-react-nextjs-lets-hackers-run-javascript-code/

https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/

https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html

https://www.tenable.com/blog/react2shell-cve-2025-55182-react-server-components-rce

Details

Source: Mitre, NVD

Published: 2025-12-03

Updated: 2025-12-03

Named Vulnerability: React2Shell

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H