React2Shell Deep Dive: CVE-2025-55182 Exploit Mechanics
Essential information
- Published
- 09/12/2025 17:08
- Modified
- 21/12/2025 18:51
- Tags
- 2025-12-09 CVE-2025-55182 deserialization exploit next.js rce react react2shell rsc
- Related entities
- 2 vulnerabilities (cve), 38 observables, 18 techniques (mitre), 2 malware, 7 others
Description
The critical Remote Code Execution vulnerability CVE-2025-55182, dubbed 'React2Shell', affects React Server Components (RSC) and extends beyond Next.js. Attackers are exploiting it for cloud-native initial access, credential harvesting, cryptomining, and deploying sophisticated backdoors. The vulnerability stems from improper input deserialization in RSC payloads, allowing arbitrary code execution. Exploitation has been observed across various cloud platforms, targeting containerized workloads. The exploit's mechanics involve crafting a malicious payload with self-referencing gadgets to bypass security checks during deserialization. Other frameworks using RSC, such as Waku and Vite, are also vulnerable. Urgent patching and comprehensive detection measures are crucial for affected systems.