Detecting React2Shell: The maximum-severity RCE vulnerability affecting React Server Components and Next.js
ID: 55828d27-d64f-527c-948f-31ff28714256
STIX ID: report--55828d27-d64f-527c-948f-31ff28714256
Feed Name: Sysdig Blog
On December 3, 2025, a critical unauthenticated RCE vulnerability dubbed "React2Shell" (CVE-2025-55182) was disclosed in the Flight protocol of React Server Components. It affects multiple react-server-dom packages and numerous frameworks, including Next.js (tracked as CVE-2025-66478). Public PoCs and reports of near-100% exploitation against default configurations make this a high-risk, mass-exploitation threat. The report provides technical analysis, Falco detection rules, WAF mitigations, scanners, and required patch versions as remediation.
