Exploit for Deserialization of Untrusted Data in Facebook React

FiberBreak Exploitation tool for CVE-2025-55182 React2Shell...

CVE-2025-68155

creationtimestamp| type| source ---|---|--- 2025-12-16 09:11:25+00:00| published-proof-of-concept| https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-g239-q96q-x4qm...

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js CVE-2025-55182 Proof of Concept This is a proof-of-co...

Vite Plugin React 安全漏洞

Vite Plugin React is an open source plugin for Vite. A security vulnerability exists in Vite Plugin React versions prior to 0.5.8 that stems from an arbitrary file read vulnerability in the /viterscfindSourceMapURL endpoint...

Security Bulletin: QRadar Suite Software includes components with a known vulnerability

Summary QRadar Suite Software includes components with a known vulnerability in React Server Components. This has been addressed in the update. Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versio...

EUVD-2025-203449

LikeC4 has RCE through vulnerable React and Next.js versions...

GHSA-VR6P-VQ2P-6J74 Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions

Withdrawn Advisory This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency. Original Description LikeC4 uses React and Next.js: which contain known RCE vulnerabilities, as seen in CVE-2025-55182. 2025-12-15 Edit: t...

Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions

Withdrawn Advisory This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency. Original Description LikeC4 uses React and Next.js: which contain known RCE vulnerabilities, as seen in CVE-2025-55182. 2025-12-15 Edit: t...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 — Local RSC Security Demo ⚠️ W...

Security Bulletin: IBM Concert is vulnerable to remote code execution due to React (CVE-2025-55182)

Summary IBM Concert uses React which is vulnerable to remote code execution. Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following...

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 also referred to as React2Shell and includes CVE-2025-66478, which was merged into it is a critical pre-authentication remote code execution RCE vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vulnerability could all...

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 also referred to as React2Shell and includes CVE-2025-66478, which was merged into it is a critical pre-authentication remote code execution RCE vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vulnerability could all...

Exploit for Deserialization of Untrusted Data in Facebook React

Exploitest This repository serves as a cent...

Exploit for Deserialization of Untrusted Data in Facebook React

No d...

Exploit for CVE-2025-55183

React Server Components 취약점 테스트 React Server Components RSC...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React Server Components RCE NOTE: Written b...

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 React2Shell, a vulnerability in React…...

CVE-2025-55183

A flaw was found in React Server Components RSC. This vulnerability allows an information leak, where a specifically crafted HTTP Hypertext Transfer Protocol request to a vulnerable Server Function can unsafely return its source code. Exploitation requires a Server Function that explicitly or...

CVE-2025-67779

A flaw was found in React Server Components. This vulnerability allows a denial of service via unsafe deserialization of payloads from HTTP Hypertext Transfer Protocol requests to Server Function endpoints. A malicious HTTP request can be crafted and sent to any App Router endpoint that, when...

CVE-2025-55184

A flaw was found in React Server Components. This vulnerability allows a denial of service via unsafe deserialization of payloads from HTTP Hypertext Transfer Protocol requests to Server Function endpoints. A malicious HTTP request can be crafted and sent to any App Router endpoint that, when...