A maximum-severity vulnerability is hitting React Server Components, and if you're running Next.js, you may be vulnerable by default. React disclosed CVE-2025-55182, nicknamed React2Shell, an unauthenticated remote code execution (CVSS 10.0) affecting React Server Components via the Flight protocol. Next.js tracks downstream exposure as CVE-2025-66478:

- No authentication required
- One-request exploitability
- Public PoC available
- Near 100% success reported against default configurations

That means internet-wide scanning is likely.

Who's affected? Certain React 19 versions using react-server-dom-* packages (webpack, turbopack, parcel variants), plus standard production builds created with create-next-app.

Once RCE is achieved, attackers can:

- Steal secrets (tokens, credentials, user data)
- Establish persistence (web shells, backdoors)
- Move laterally inside your environment
- Deploy ransomware

Detection guidance: Sysdig TRT recommends monitoring for suspicious process execution spawned by web servers (e.g., Next.js spawning sh, bash, curl, wget). Runtime detection is critical because RCE chains often pivot quickly.

Patch immediately. Fixed versions include:

React Server Components: 19.0.1, 19.1.2, 19.2.1
Next.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7

If you're on canary builds, move back to stable per guidance.

Chapters:
00:00 Intro to React2Shell
00:18 React2Shell details
00:39 Why is React2Shell high-severity
01:01 Affected packages and configs
01:19 Potential exploitations
01:42 Detection strategies for RCE
02:02 Mitigation measures & limitations
02:24 Patching recommendations

#react #nextjs #CVE202555182 #cybersecurity #appsec #cloudsecurity #RCE #Kubernetes #devsecops #react2shell #CVE
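The detection guidance above (flag a Next.js web server spawning sh, bash, curl or wget) as an added example, not code from the video or from Sysdig; it assumes a constructed JSON-lines process-exec event shape with `parent_comm` and `exe` fields, and that the Next.js server runs as a `node` process.

```python
"""Flag shell/download-tool processes spawned by a Next.js (node) web server.

Added example for runtime detection of post-RCE pivoting. The event format
below is a constructed, sensor-agnostic JSON-lines shape, not Sysdig's output."""
import json

# Child binaries a production Next.js server has no business executing.
SUSPICIOUS_CHILDREN = {"sh", "bash", "dash", "zsh", "curl", "wget", "nc"}
# Parent process names that identify the web server (assumption: node-based Next.js).
WEB_SERVER_PARENTS = {"node", "next-server"}


def basename(path: str) -> str:
    """Strip the directory so /bin/sh and /usr/bin/sh compare equal."""
    return path.rsplit("/", 1)[-1]


def is_suspicious_exec(event: dict) -> bool:
    """True when a web-server process directly executes a shell or download tool."""
    parent = basename(event.get("parent_comm", ""))
    child = basename(event.get("exe", ""))
    return parent in WEB_SERVER_PARENTS and child in SUSPICIOUS_CHILDREN


def scan_events(lines):
    """Return matching events in order; malformed lines are skipped, not fatal."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a broken line must not stop the scan
        if is_suspicious_exec(event):
            hits.append(event)
    return hits


# Constructed sample events: benign node exec, sh and wget spawned by node,
# a shell spawned by cron (not the web server), and one malformed line.
SAMPLE_EVENTS = [
    '{"container": "web-1", "parent_comm": "node", "exe": "/usr/bin/node"}',
    '{"container": "web-1", "parent_comm": "node", "exe": "/bin/sh"}',
    '{"container": "web-1", "parent_comm": "node", "exe": "/usr/bin/wget"}',
    '{"container": "jobs-1", "parent_comm": "cron", "exe": "/bin/sh"}',
    'not json at all',
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(f"ALERT {hit['container']}: {hit['parent_comm']} spawned {hit['exe']}")
```

Wire the same predicate into whatever runtime sensor you already have; the point is alerting on the parent/child pair, not on the child binary alone.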