React2Shell (CVE-2025-55182) Deserialization to Remote Code Execution in React and Next.js
ID: 348a94cc-5eb6-57c5-9917-4aeaeaa18b97
STIX ID: report--348a94cc-5eb6-57c5-9917-4aeaeaa18b97
Feed Name: Checkmarx Zero
Checkmarx reports a critical unauthenticated remote code execution vulnerability (React2Shell, CVE-2025-55182) in React Server Components and related packages that stems from unsafe deserialization of Server Function requests. The advisory describes the root cause, the exploitation paths (including invoking dangerous bundled Node modules) and the affected packages (React, Next.js, react-server-dom-* and others), and provides fixed versions and upgrade guidance to remediate the issue.
