React2Shell Explained: How the React Server Component Exploit Works

Description

You've probably heard about React2Shell (CVE-2025-55182) - the "CVSS 10.0" vulnerability that's all over news and twitter. But what does it actually mean? How does the code exploit work? What is a React Flight protocol? What are React Server Components, again? In this video, I answer all these questions and break down React2Shell in plain English, without assuming you're a React expert so you can finally understand how the exploit works and what happened with this critical vulnerability in React Server Components. *LINKS MENTIONED* CVE Report: https://www.cve.org/CVERecord?id=CVE-2025-55182 Gitnation Talk: React Server Components - https://gitnation.com/contents/meet-react-flight-and-become-a-rsc-expert RSC Devtools: https://www.alvar.dev/blog/creating-devtools-for-react-server-components Wiz research blog: https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive *SOCIALS* X / Twitter: https://twitter.com/shrutikapoor08 Discord: https://bit.ly/shruti-discord Web: https://shrutikapoor.dev/ Newsletter: https://bit.ly/shruti-newsletter GitHub: https://github.com/sponsors/shrutikapoor08 #reactjs #react2shell #webdevelopment #shrutikapoor Sub: 32579