Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell A CLI tool to exploit prototype pollution vulnerab...

Denial Of Service (DoS)

react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack, and next.js are vulnerable to Denial-Of-Service DoS vulnerability. The vulnerability is due to unsafe deserialization of payloads sent to React Server Components Server Function endpoints, where a crafted HTTP request...

Information Disclosure

react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack, next and vitejs/plugin-rsc is vulnerable to an Information Disclosure. The vulnerability is due to unsafe handling of stringified arguments in React Server Components RSC Server Functions, where a specifically crafted...

Exploit for Deserialization of Untrusted Data in Facebook React

ReactOOPS - HTB Web Challenge Writeup...

Exploit for Deserialization of Untrusted Data in Facebook React

next88 - React Server Components RCE Scanner High-performance...

Exploit for Deserialization of Untrusted Data in Facebook React

No d...

Exploit for CVE-2025-55183

React Server Components Security Lab CVE-2025-55183 & CVE-202...

Metasploit Wrap-Up 12/12/2025

React2shell Module As you may have heard, on December 3, 2025, the React team announced a critical Remote Code Execution RCE vulnerability in servers using the React Server Components RSC Flight protocol. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0 and is informally...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 Scanner & Exploit Toolkit for Next...

Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up

It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...

GHSA-5J59-XGG2-R9C4 Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up

It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...

GHSA-C6M7-Q6PR-C64R Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4 Patches Upgrade immediately to @vitejs/[email protected] or...

EUVD-2025-203104

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components...

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4 Patches Upgrade immediately to @vitejs/[email protected] or...

Exploit for Deserialization of Untrusted Data in Facebook React

No d...

EUVD-2025-203105

Vite Plugin React has a Denial of Service Vulnerability in React Server Components...

GHSA-CPQF-F22C-R95X Vite Plugin React has a Denial of Service Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-7gmr-mq3h-m5h9 Patches Upgrade immediately to @vitejs/[email protected] or...

Vite Plugin React has a Denial of Service Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-7gmr-mq3h-m5h9 Patches Upgrade immediately to @vitejs/[email protected] or...

Denial of Service Vulnerability in React Server Components

Impact It was found that the fix to address CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2 of: - react-server-dom-webpac...

@cedarjs/api-server (>=1.0.0-canary.12879 <=1.0.0-canary.12881), @cedarjs/cli (>=1.0.0-canary.12879 <=1.0.0-canary.12881) +10 more potentially affected by CVE-2025-67779 via react-server-dom-webpack (=19.2.2)

react-server-dom-webpack NPM version =19.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879,...