CVE-2025-55182: Critical React Exploit Hits Millions of Sites

CVE-2025-55182 is a critical (CVSS 10.0) unauthenticated RCE in React Server Components and affected Next.js releases that could impact millions of sites; the report describes affected versions, active exploitation by threat actors (including nation-state-linked groups), indicators of compromise (HTTP headers, payload patterns, host behaviors), remediation steps (patching and audits), and observed attacker infrastructure.