React2Shell Remote Code Execution in React Server Components Vulnerability The bug dubbed as React2Shell, comprising two CVE’s, mainly CVE-2025-55182 and CVE-2025-66478, allows remote unauthenticated users to gain code execution on servers running vulnerable versions of React RSC or Next.JS App Router via single HTTP request. MITRE Tactic ID Technique Name Initial Access T1109 Exploit Public-Facing Application Execution T1059 Command and Scripting Interpreter Persistence T1505.003 Server Software Component: Web Shell Privilege Escalation T1068 Exploitation for Privilege Escalation Defense Evasion T1070.004 Indicator Removal on Host: File Deletion Next.js now powers a massive share of the modern web — millions of production sites,…
Subscribe to the Versa Blog
Trial
ROI
Contact