CVE-2025-55182: Frequently Asked Questions About React2Shell: React Server Components Remote Code Execution Vulnerability

Tenable Research Special Operations details React2Shell (CVE-2025-55182), a CVSS 10 unauthenticated RCE in React Server Components affecting multiple react-server-dom packages and frameworks (including Next.js); public PoCs and reports of in-the-wild exploitation by China-linked actors have been observed, and fixed package versions and mitigations are provided—patch immediately.