Exploit for CVE-2025-55182

CVE-2025-55182 / CVE-2025-66478 Vulnerability Scanner React...

VulnCheck KEV: CVE-2025-55182

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...

React Server Components 19.0 / 19.1.0 / 19.1.1 / 19.2.0 Remote Code Execution (React2Shell)

React Server Components react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack versions 19.0, 19.1.0, 19.1.1, and 19.2.0 are vulnerable to an Unauthenticated Remote Code Execution. An attacker can exploit a flaw in how React decodes payloads sent to React Server Functio...

Exploit for CVE-2025-55182

CVE-2025-55182 and CVE-2025-66478 Technical Analysis of Ar...

Exploit for CVE-2025-55182

CVE-2025-55182 Surface Scanner A lightweight, non-intrusive P...

Exploit for CVE-2025-55182

CVE-2025-55182 - React Server Components RCE Exploit Python C...

Exploit for CVE-2025-55182

CVE-2025-55182 - React Server Components RCE Exploit Python C...

Exploit for CVE-2025-55182

CVE-2025-55182 - React Server Components RCE NOTE: Written b...

Exploit for CVE-2025-55182

CVE-2025-55182 - React Server Components Pre-Auth RCE Exec...

Exploit for CVE-2025-55182

CVE-2025-55182 Proof-of-concept exploit for CVE-2025-55182, a...

EUVD-2025-200982

React Server Components are Vulnerable to RCE...

GHSA-FMH4-WR37-44FP React Server Components are Vulnerable to RCE

Summary @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained an unauthenticated remote code execution vulnerability in versions prior to 19.0.1, 19.1.2, and 19.2.1. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r...

React Server Components are Vulnerable to RCE

Summary @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained an unauthenticated remote code execution vulnerability in versions prior to 19.0.1, 19.1.2, and 19.2.1. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r...

GHSA-FV66-9V8Q-G76R React Server Components are Vulnerable to RCE

Impact There is an unauthenticated remote code execution vulnerability in React Server Components. We recommend upgrading immediately. The vulnerability is present in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of: react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack Patche...

React Server Components are Vulnerable to RCE

Impact There is an unauthenticated remote code execution vulnerability in React Server Components. We recommend upgrading immediately. The vulnerability is present in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of: react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack Patche...

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +8 more potentially affected by CVE-2025-55182 via react-server-dom-webpack (=19.0.0)

react-server-dom-webpack NPM version =19.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @amazeelabs/bridge-waku =1.1.9, =3.1.12, =1.4.7, =1.1.3, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920...

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components RSC that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. The vulnerability has been codenamed React2shell. It allows...

Exploit for CVE-2025-55182

GitHub CVE Scanner 🔍 Quickly scan GitHub repositories for c...

Arbitrary Code Injection

Overview next is a react framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization of RSC payloads from HTTP requests to Server Function endpoints. An unauthenticated attacker can execute arbitrary code on the server by sending malicious HT...

Arbitrary Code Injection

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserializatio...