CVE-2025-55182: Critical Vulnerability, React2Shell, Allows for Unauthenticated RCE
ID: 7ea3147c-44c3-5b59-bd52-c57782781b2e
STIX ID: report--7ea3147c-44c3-5b59-bd52-c57782781b2e
Feed Name: Cybereason Blog
Cybereason warns of a critical unauthenticated remote code execution vulnerability in React Server Components (CVE-2025-55182, “React2Shell”) affecting React 19.0.0–19.2.0 and frameworks that bundle RSC (e.g., Next.js). Public PoCs are available, and exploitation has been observed shortly after disclosure, with attribution to China-linked groups. Organizations should apply the provided patches, monitor for malformed RSC requests and unexpected process execution, and investigate internet-exposed servers for compromise.
