React2Shell RCE Vulnerability (CVE-2025-55182)

ID: c1a7a2df-456e-5898-8ad0-9ce91d58c63a

STIX ID: report--c1a7a2df-456e-5898-8ad0-9ce91d58c63a

Feed Name: Zscaler Security Research Blog

Threat Score: 80/100

Date Published: 2025-12-15

Date Updated: 2026-05-01

This report describes CVE-2025-55182, a server-side deserialization flaw in React 19's Flight (RSC) that allows unauthenticated remote code execution. Crafted multipart/form-data exploits prototype chain traversal in getOutlinedModel. The issue is fixed by adding hasOwnProperty checks to restrict property access.
