WASHINGTON / LONDON (IT BOLTWISE) – A critical security vulnerability in React Server Components has been discovered and is being actively exploited. It allows attackers to execute arbitrary code on servers without authentication. The US agency CISA has added the vulnerability to its catalog of known exploited vulnerabilities.
The US Cybersecurity and Infrastructure Security Agency (CISA) recently added a critical vulnerability in React Server Components (RSC) to its catalog of known exploited vulnerabilities. The vulnerability, tracked as CVE-2025-55182, allows attackers to execute arbitrary code on servers without authentication. It is also known as React2Shell and has a CVSS score of 10.0, the highest possible severity rating.
The vulnerability results from insecure deserialization in the React library’s Flight protocol, which is used for communication between server and client. An attacker can send specially crafted HTTP requests that cause the server to execute arbitrary commands. According to Bitdefender’s Martin Zugec, text-to-object conversion is one of the most dangerous classes of software vulnerabilities.
The vulnerability affects versions 19.0.1, 19.1.2 and 19.2.1 of the react-server-dom-webpack, react-server-dom-parcel and react-server-dom-turbopack libraries. Some frameworks based on React are also affected, including Next.js, React Router, Waku, Parcel, Vite and RedwoodSDK. Amazon reported that attacks from Chinese hacking groups such as Earth Lamia and Jackpot Panda were observed within hours of the vulnerability becoming known.
Several security companies, including Coalition, Fastly, GreyNoise, VulnCheck and Wiz, have also reported exploitation attempts against this vulnerability. Some of these attacks involved installing cryptocurrency miners and running PowerShell commands to verify that exploitation had succeeded. According to Censys, approximately 2.15 million internet-facing services could be affected by this vulnerability.
Palo Alto Networks Unit 42 has confirmed that over 30 organizations across various sectors have been affected. The attacks are characterized by the use of SNOWLIGHT and VShell. Security researcher Lachlan Davidson, who discovered the vulnerability, has published several proof-of-concept exploits, underscoring the urgency of updating affected systems as quickly as possible.




