Exploit for CVE-2025-66478

Next.js-RSC-RCE-Scanner-CVE-2025-66478 CVE-2025-66478 Next.js...

PT-2025-50722

Name of the Vulnerable Software and Affected Versions React versions 19.0.0 through 19.2.1 react-server-dom-parcel versions 19.0.0 through 19.2.1 react-server-dom-turbopack versions 19.0.0 through 19.2.1 react-server-dom-webpack versions 19.0.0 through 19.2.1 Description An information leak issue...

Meta React Server Components 安全漏洞

Meta React Server Components is a series of components from Meta USA. A security vulnerability exists in Meta React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1, which stems from insecure deserialization of HTTP request loads and could lead to an infinite...

React Server Components deserialization vulnerability

Added: 12/11/2025 Background React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...

React Server Components deserialization vulnerability

Added: 12/11/2025 Background React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...

Exploit for Deserialization of Untrusted Data in Facebook React

R2SAE - React2Shell Auto-Exploit A Firefox extension...

CVE-2025-67489

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Reproduction Environment ⚠️...

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components RSC to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a...

Exploit for Deserialization of Untrusted Data in Facebook React

💥 React2Shell-POC 💥 !pythonhttps://img.shields.io/badge/py...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Checker A portable Bash script to detect vulne...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - Next.js RSC Remote Code Execution Exploit...

CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation

CVE-2025-55182 is a CVSS 10.0 pre-authentication RCE affecting React Server Components. Amid the flood of fake proof-of-concept exploits, scanners, exploits, and widespread misconceptions, this technical analysis intends to cut through the noise...

Exploit for Deserialization of Untrusted Data in Facebook React

cve-2025-55182-poc Proof of Concept for CVE-2025-55182 "React...

CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...

CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...

Unauthenticated RCE in React Server Components (React2Shell)

A critical unauthenticated Remote Code Execution RCE vulnerability exists in React Server Components RSC Flight protocol. The vulnerability allows attackers to achieve prototype pollution during deserialization of RSC payloads by sending specially crafted multipart requests with "proto",...

Exploit for Deserialization of Untrusted Data in Facebook React

fix-react2shell A CLI tool to detect and fix the critical C...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell /$$$$$$$...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell - Proof of Concept ⚠️ SECURIT...