React2Shell: Serious RCE Vulnerability Threatening the Latest Web Frameworks (CVE-2025-55182)
Overview In December 2025, a serious security vulnerability named Reach2Shell was disclosed, shaking the web development ecosystem. This vulnerability affects applications using React Server Components and the Flight protocol, allowing threat actors to execute arbitrary code on the server with a single HTTP request. It has been given a Common
Distribution of EtherRAT Malware Exploiting React2Shell Vulnerability (CVE-2025-55182)
AhnLab SEcurity intelligence Center (ASEC) recently discovered an advanced malware distribution campaign using Node.js while tracking the recently disclosed React2Shell vulnerability. This attack installs EtherRAT through multiple stages, with the ultimate goal of gaining a foothold, stealing information, and stealing cryptocurrency. After the threat actor accessed the IP address
React Server Component Security Update Advisory (CVE-2025-55182)
Overview We have released a security update to address a vulnerability in React Server Component (RSC). Users of affected products are advised to update to the latest version. Affected Products CVE-2025-55182 React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack Version: 19.0.0React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack Version: 19.1.0React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack version: 19.1.1React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack
