Understanding React2Shell: Critical Remote Code Execution in React Server Components and Next.js
ID: d88005c8-9d20-5ae2-b0e0-3384d1b4b6d2
STIX ID: report--d88005c8-9d20-5ae2-b0e0-3384d1b4b6d2
Feed Name: Outpost24 Blog
React2Shell is a critical deserialization vulnerability (CVE-2025-55182) in React Server Components and Next.js that enables unauthenticated remote code execution via the Flight protocol; active exploitation has been observed with attackers deploying cryptocurrency miners, backdoors, and persistence tooling. The advisory details affected packages and versions, recommended patching of both React and framework dependencies, inventory and runtime monitoring steps, and broader risk-management guidance to reduce reintroduction of vulnerable RSC components.
