CVE-2025-67489

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Reproduction Environment ⚠️...

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components RSC to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a...

Exploit for Deserialization of Untrusted Data in Facebook React

💥 React2Shell-POC 💥 !pythonhttps://img.shields.io/badge/py...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - Next.js RSC Remote Code Execution Exploit...

CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation

CVE-2025-55182 is a CVSS 10.0 pre-authentication RCE affecting React Server Components. Amid the flood of fake proof-of-concept exploits, scanners, exploits, and widespread misconceptions, this technical analysis intends to cut through the noise...

Exploit for Deserialization of Untrusted Data in Facebook React

cve-2025-55182-poc Proof of Concept for CVE-2025-55182 "React...

CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...

CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...

Unauthenticated RCE in React Server Components (React2Shell)

A critical unauthenticated Remote Code Execution RCE vulnerability exists in React Server Components RSC Flight protocol. The vulnerability allows attackers to achieve prototype pollution during deserialization of RSC payloads by sending specially crafted multipart requests with "proto",...

Exploit for Deserialization of Untrusted Data in Facebook React

fix-react2shell A CLI tool to detect and fix the critical C...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell /$$$$$$$...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell - Proof of Concept ⚠️ SECURIT...

CISA Adds One Known Exploited Vulnerability to Catalog

Updated December 9, 2025: Check for signs of potential compromise on all internet accessible REACT instances after applying mitigations. For more information, see React Blog: Critical Security Vulnerability in React Server Componentslink is external. CISA has added one new vulnerability to its...

Exploit for Deserialization of Untrusted Data in Facebook React

🛡️ RSC Sentinel Pro Advanced React Server Components R...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Advanced Scanner !Pythonhttps://img.shields.i...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Advanced Scanner A full-featured exploitation ut...

IBM: [RCE] Remote Code Execution via React Server Components Vulnerability CVE-2025-55182

Vulnerability description not provided...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Scanner Simple command-line tool for detecting...

Exploit for Deserialization of Untrusted Data in Facebook React

🔥 RSC RCE Exploit Toolkit !Versionhttps://img.shields.io...