React2Shell: Decoding CVE-2025-55182 – The Silent Threat in React Server Components

Executive summary: A critical RCE vulnerability called “React2Shell” (CVE-2025-55182, CVSS 10.0) in React Server Components was disclosed and is being actively exploited in the wild against internet-facing Next.js and other RSC-enabled applications; exploitation can yield full server takeover and has already been used to deploy cryptominers, backdoors (e.g., Sliver), and establish persistent shells. The advisory lists affected packages/versions, available patched releases, observed attacker behaviors (discovery, DNS/HTTP beaconing, reverse shells), and provides Qualys detection/QID coverage and mitigation/patching guidance.