React2Shell: Serious RCE Vulnerability Threatening the Latest Web Frameworks (CVE-2025-55182)
Overview
In December 2025, a serious security vulnerability named Reach2Shell was disclosed, shaking the web development ecosystem. This vulnerability affects applications using React Server Components and the Flight protocol, allowing threat actors to execute arbitrary code on the server with a single HTTP request. It has been given a Common Vulnerability Scoring System (CVSS) score of 10.0 (Critical), and its impact is significant as it can be exploited without authentication.
This post will explain the exploitation and attack flow of React2Shell (CVE-2025-55182), which involves exploiting deserialization during the Flight processing stage of React Server Components. It will also cover the vulnerability’s countermeasures.
Technical Background
React Server Components & Server Action
As of React 18, React Server Components (RSC) have been introduced experimentally. A model has been proposed that involves separating the UI into server-side rendered Server Components and Client Components, with only the interactive parts being kept as Client Components and the rest as Server Components. This approach reduces the size of the client-side JavaScript bundle and the processing load on the client. When the client makes a request to the server, the request data is serialized. The React Flight protocol is used in this serialization process.
React Flight Protocol
The React Flight protocol is a custom serialization format designed to efficiently transmit the React component tree, data, and server references (Server Reference) between the server and the client.
The Flight protocol divides data into independent units called chunks, each of which has a unique ID. When serializing data, special values and references to other chunks are represented by strings prefixed with $. This reference system is then restored to its original objects or values during the deserialization process.
The main reference types are as follows.
|
Prefix |
Type |
Description |
|---|---|---|
| $@ | Promise/Chunk | Reference to a specific ID Chunk |
| $B | Blob | Reference Blob data of a specific ID Chunk |
| $Q | Map | Reference to the Map object of a specific ID Chunk |
| $0-9a-f | Chunk ID | Reference to the chunk with a hexadecimal ID |
Table 1. Prefixes of the Flight protocol
CVE-2025-55182
The critical vulnerability in React Server Components (CVE-2025-55182, React2Shell), which was discovered this time, occurs because of unsafe deserialization of the Flight protocol payload on the server side. This means that the validation for the Flight protocol payload sent from the client to the server is not properly implemented. The key vulnerability of this attack can be categorized into three parts, and the entire attack is completed through the combination of these three vulnerabilities.
1) Injecting Fake Chunk
Internally, React manages the deserialized data as chunk objects. Chunk objects have the following properties: ‘status’, ‘value’, ‘reason’, and ‘_response’.
Figure 1. Chunk properties
In the flow of the server’s Chunk.prototype.then processing, if an attacker injects an object that looks like a Chunk and leads the status to be processed as resolved_model, the flow leads to the call to initializeModelChunk.
Figure 2. Chunk.prototype.then
Threat actors can exploit this to insert a fake chunk JSON object inside the payload, like the following payload snippet, which still calls initializeModelChunk. In this case, the “_response” part with the threat actor’s malicious payload is assigned to the _response property of chunk.
2) Accessing/Contaminating Prototype Chain through Property Path Traversal Without Verification
The Flight protocol allows users to access the properties of nested objects using paths separated by colons (:).
The issue arises after this path is processed in the getOutlinedModel function and then passed to the createModelResolver function.
Figure 3. Vulnerable createModelResolver
This code sequentially accesses the values by using each part of the reference path as a property key of an object. No validation is performed on the property names that correspond to value[path[i]]. Because there is no check using hasOwnProperty, an attacker can include JavaScript “magic properties” such as __proto__ or constructor in the path to walk up the prototype chain.
This attack technique, which pollutes the prototype of objects through user-controllable input, is called Prototype Pollution and serves as the foundation of the attack.
3) Execute code through the Function constructor gadget
The Function constructor exfiltrated through Prototype Pollution is used to override the _formData.get method within the injected fake _response object. As a result, _response._formData.get is no longer a regular get function, but the Function constructor itself that can execute strings as code.
During the parsing process of “then”:“$B1337”, the response._formData.get function is called. The response._prefix, which is passed as an argument, is a code string (or a code combination element) that can be exploited by threat actors. The created function object is executed simultaneously with the .then() call during the promise resolution process.
Figure 4. Parsing “$B” using parseModelString
Attack Scenario
Figure 5. Attack scenario flowchart
When attacks are launched with the premise that the vulnerability occurs in the environment, the following scenario can unfold. The threat actor sends a manipulated HTTP POST request to the RSC request processing path accessible from external sources. The server receives this request as part of the normal RSC processing flow and reads the data in Flight format. This allows the data to appear as “chunks” in the internal processing flow, as intended by the threat actor. In other words, the threat actor’s prepared structure naturally fits into the server’s intended “request data restoration” process.
The server then follows the reference path to find the object’s properties. If this path is not sufficiently validated, it allows the threat actor to use keys like __proto__ or constructor to escape into the prototype chain. The threat actor can exploit this to manipulate the server-side object state and establish a gadget that allows their sent string to be turned into a function and executed by reaching the Function constructor using constructor.constructor. Ultimately, when the three aforementioned vulnerabilities are connected in sequence, it allows arbitrary code execution to be carried out within a single request processing flow.
Countermeasures
The most important and fundamental solution is to update the relevant packages to a version that resolves the vulnerability and redeploy them immediately. If the packages cannot be upgraded and redeployed right away, a rule can be applied to detect and block Flight protocol payloads that contain keywords like __proto__ or constructor in the request body. While this is not a complete solution, it can help prevent known attack patterns.
In addition to updating and redeploying the block rules, it may be worth considering temporarily disabling the server action feature that is not essential to the business in order to minimize risks. Alternatively, strong user authentication and permission validation logic can be added to all server action endpoints to prevent anonymous threat actors from accessing them.
AhnLab’s Response Status
The following are the diagnostic names and engine version information of AhnLab products.
EDR Diagnosis
- InitialAccess/EDR.Event.M13379(2025.12.17.02)
- InitialAccess/EDR.Event.M13380(2025.12.17.02)
Conclusion
The CVE-2025-55182 vulnerability is a crucial case that shows how the complexity of the latest web frameworks can create unforeseen new attack vectors. This is a high-risk vulnerability that exists in the core logic of the framework/dependency (library) itself, not in the developer’s business logic, and its impact is felt throughout the entire ecosystem. Innovative technologies such as React server components and the Flight protocol have greatly enhanced development convenience, but the security threats hidden behind the complexity of their internal operations are extremely critical.
To respond to this threat, affected RSC-related packages and frameworks should be immediately updated to the latest security versions. Services that expose their Server Function/Server Action processing paths should be given a high priority for inspection. For a detailed technical analysis of this vulnerability, please refer to the “React2Shell Vulnerability Analysis Report (CVE-2025-55182) – AhnLab TIP” provided by AhnLab ATIP.
Source
- https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
- https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc
- https://gist.github.com/maple3142/48bc9393f45e068cf8c90ab865c0f5f3
- https://github.com/facebook/react/pull/35277/commits/e2fd5dc6ad973dd3f220056404d0ae0a8707998d?diff=split&w=0
- https://www.cve.org/CVERecord?id=CVE-2025-55182
Gain access to related IOCs and detailed analysis by subscribing to AhnLab TIP. For subscription details, click the banner below.
