React4Shell, also tracked as React2Shell, is moving fast. This is a critical unauthenticated remote code execution story impacting React Server Components (RSC) via the Flight protocol, tracked as CVE-2025-55182 (React) and CVE-2025-66478 (Next.js). This update focuses on what changed in the last 24 hours, the exploitation timeline, and what defenders should do right now.

0:00 React4Shell/React2Shell update: why a second video
0:54 CVEs: CVE-2025-55182 (React) + CVE-2025-66478 (Next.js)
1:31 Impact: unauthenticated RCE leading to shell access
2:00 Yesterday: mostly PoCs (70–100 repos), limited visible exploitation
2:20 Today: Fastly sees exploitation ramp; Cloudflare disruption signals
2:53 Threat actors: China-nexus/state-sponsored activity reported
3:08 Timeline: Nov 29 report → Dec 3 disclosure → Dec 4 exploitation increase
5:18 What to do: patch now, WAF/Cloud Armor as stopgap, external systems first
6:51 Phoenix angle: campaign view + reachability to prioritize remediation

If you run server-rendered React or Next.js App Router, assume you’re being probed until you prove otherwise. Patch, validate deployed artifacts, and use WAF protections as a stopgap while upgrades roll out.
Key links
• Timeline (exploitation tracking): https://phoenix.security/react2shell-cve-2025-55182-explotiation/
• Technical anatomy + affected versions + fixes: https://phoenix.security/react-nextjs-cve-2025-5518/
• Original React disclosure: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
• Threat actor reporting (AWS): https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
• GCP guidance (Cloud Armor / response): https://cloud.google.com/blog/products/identity-security/responding-to-cve-2025-55182
• Scanner repo: https://github.com/Security-Phoenix-demo/react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478
• Fastly blog (NGWAF / virtual patch): https://www.fastly.com/blog/fastlys-proactive-protection-critical-react-rce-cve-2025-55182