A curated list of resources regarding CVE-2025-55182, the critical Remote Code Execution (RCE) vulnerability in React Server Components known as "React2Shell".
Objective: To document the history, mechanics, and remediation of the React2Shell vulnerability for researchers and security engineers.
- Core Intelligence
- Research & Analysis
- Detection & Defense
- Community & Discussion
- Exploitation
- Media & Threat Intel
## Core Intelligence
Official documentation and severity scoring.
- NVD - CVE-2025-55182 Detail - The official Common Vulnerability Scoring System (CVSS 10.0) entry and affected versions.
- GitHub Security Advisory GHSA-fv66-9v8q-g76r - Details the vulnerable packages: `react-server-dom-webpack`, `react-server-dom-parcel`, and `react-server-dom-turbopack`.
- Next.js Security Advisory (CVE-2025-66478) - Advisory tracking the downstream impact on Next.js applications using the App Router.
## Research & Analysis
Technical deep dives into the root cause, exploitation chains, and the "Flight" protocol.
- React2Shell: Critical React Vulnerability - Deep technical analysis by Wiz Research on the unsafe deserialization flaw.
- RCE via Flight Payload Deserialization - In-depth post from Offensive Security explaining the attack using Chunk objects and promise resolution.
- CVE-2025-55182 (React2Shell): Remote code execution in React Server Components - Datadog Security Labs analysis, including observed PoC injection parameters.
## Detection & Defense
Rules, scripts, and WAF configurations to protect infrastructure.
- GitHub - Vercel Labs / fix-react2shell-next - Official Codemod by Vercel to automatically detect and patch vulnerable Next.js applications.
- Cloudflare WAF proactively protects against React vulnerability - All Cloudflare customers are automatically protected, including those on free and paid plans, as long as their React application traffic is proxied through the Cloudflare Web Application Firewall (WAF).
- Responding to CVE-2025-55182 - Guidance from Google Cloud on using Cloud Armor `cve-canary` WAF rules.
- Fastly's Proactive Protection - Details on Fastly's WAF signals and virtual patching to gain time for patching.
## Community & Discussion
Real-time analysis, threads, and commentary from the security community.
- @maple3142 (Dec 4, 2025) - Release of the first working Proof of Concept (PoC) for Next.js 16.0.6, confirming the vulnerability was exploitable.
## Exploitation
Proofs of Concept (PoC).
- Vulhub - Docker Environment - Pre-built Docker container to safely reproduce the vulnerability locally.
- GitHub - CVE-2025-55182-research Exploit research - PoC for CVE-2025-55182.
- GitHub - Assetnote/react2shell-scanner - High-fidelity detection script for confidently confirming vulnerability without full exploitation.
- GitHub - CVE-2025-55182 PoC by maple3142 - PoC for CVE-2025-55182 that works on Next.js 16.0.6.
- [GitHub - PoCs for CVE-2025-55182 by lachlan2k](https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc) - Original Proofs of Concept for React2Shell CVE-2025-55182.
- [GitHub - CVE-2025-55182-advanced-scanner by zack0x01](https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-) - Simple command-line tool for detecting and exploiting CVE-2025-55182 (React Server Components RCE) in Next.js applications.
## Media & Threat Intel
Active threat actor reporting and wider industry coverage.
- China-nexus cyber threat groups rapidly exploit React2Shell - AWS Security Blog report on exploitation by groups like Earth Lamia and Jackpot Panda.
This library is community-maintained. Please read CONTRIBUTING.md to add a resource.