Important information
for your IT security

Newsletter: Critical security vulnerability in React Server Components

The vulnerability poses a significant risk to normal operations.

Last week, a serious vulnerability was discovered in React Server Components (RSC) that affects numerous web applications. The vulnerability, identified as CVE-2025-55182, received the highest possible CVSS rating (10.0) and allows unauthenticated attackers to execute code remotely on vulnerable systems. Because it is easy to exploit and the affected software is widely used, the vulnerability is already known as "React2Shell".

The critical security vulnerability CVE-2025-55182 was reported by Lachlan Davidson on November 29, 2025.

The React team at Facebook has published this notice about the vulnerability, and there is a support post on the React blog. A fix to close the vulnerability has been introduced in versions 19.0.1, 19.1.2, and 19.2.1.

Affected systems

  • React packages: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack (versions 19.0 to 19.2.0) 
  • Frameworks such as Next.js, React Router, Expo, Redwood SDK, Vite, Parcel, and Waku 

Threat situation

  • Initial attempts at attacks have already been observed by AWS and attributed to actors with ties to China. 
  • Proof-of-concept exploits are publicly available, and large-scale attack campaigns are expected. 
  • According to security researchers, up to 39% of all cloud environments are potentially vulnerable. 

Recommended measures

  • Immediate update to secure versions:  
    • React: 19.0.1, 19.1.2, 19.2.1 
    • Next.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7 
  • Use of detection tools and monitoring for suspicious activities. 
  • Optional: Use of web application firewalls (WAF) as an additional protective measure. 

Conclusion

This vulnerability poses a significant risk to normal operations. Companies should immediately check whether their applications are affected and install the patches provided. Further information and updates can be found in the official advisories from React and the respective framework providers.

Would you like more information about IT security?

Then simply get in touch with our experts.

Nikolas Rösener
Security Expert