Critical Unauthenticated RCE in React Server Components (CVE-2025-55182)

CVE-2025-55182: Critical Unauthenticated RCE in React Server Components

CVE-2025-55182, dubbed "React2Shell," is a critical pre-authentication remote code execution (RCE) vulnerability impacting React Server Components (RSC) and frameworks leveraging them, such as Next.js. Disclosed on December 3, 2025, by Facebook's security team, this flaw carries a maximum CVSS score of 10.0 due to its unauthenticated nature and severe impact. The vulnerability originates from a critical weakness in the core payload decoding mechanism of React Server Components, specifically within the "Flight" protocol, which handles the serialization and deserialization of data between client and server. Attackers can exploit this by sending a single maliciously crafted HTTP POST request to any Server Function endpoint, leading to arbitrary code execution on the target server.

Vulnerability Description

The vulnerability stems from insecure deserialization of React Flight reply payloads in the client-to-server communication flow. React Server Components rely on the React Flight protocol for data serialization and communication. When a client sends data back to the server for interactivity or to invoke a Server Function, the server deserializes this incoming payload. In affected versions, this deserialization process lacks sufficient validation and restriction of the incoming data's structure. This allows an attacker to inject malicious structures into the payload that React interprets as valid, leading to dangerous object instantiation and method invocation during deserialization.

The core issue lies in how the deserialization logic previously resolved module exports using dynamically supplied metadata without validating property ownership. This lack of strict ownership verification and module reference validation enables attackers to interfere with server-side modules and function resolution. This can be chained with prototype pollution, a JavaScript vulnerability allowing attackers to inject properties into an object's root prototype at runtime, which can subsequently trigger the execution of legitimate code gadgets.

Technical Analysis

The "Flight" protocol, responsible for transmitting serialized component trees and data, is at the heart of RSC communication. While efficient, its deserialization component presented an opportunity for attack. Specifically, the vulnerability manifests when the server attempts to reconstruct objects from client-supplied serialized data. An attacker can craft a payload that, when deserialized, modifies the prototype chain of server-side JavaScript objects.

A common exploitation path involves a specially crafted payload that leverages prototype pollution. By injecting properties like constructor.prototype.__proto__ or similar into the deserialized object, an attacker can overwrite or introduce new properties on Object.prototype. This global modification can then be used to influence the behavior of other server-side components or libraries that access these properties, ultimately leading to arbitrary code execution.

Consider a simplified vulnerable deserialization routine (hypothetical, for illustrative purposes): 


// Simplified vulnerable deserialization (illustrative)
function deserializePayload(payload) {
  // Insecurely parses and reconstructs object from payload
  // No strict validation of object structure or property assignments
  let obj = JSON.parse(payload); 

  // If payload contains __proto__ pollution, it affects global Object.prototype
  if (obj && typeof obj === 'object') {
    for (let key in obj) {
      if (key === '__proto__') {
        // Direct assignment to __proto__ bypasses checks in older engines or specific contexts
        Object.assign(Object.prototype, obj[key]); 
      } else {
        // Recursive deserialization or property assignment
        // ... potentially leading to gadget chain invocation
      }
    }
  }
  return obj;
}

// Example of a server-side gadget that could be triggered by prototype pollution
function executeCommand(options) {
  if (options && options.command && typeof options.command === 'string') {
    const { exec } = require('child_process');
    exec(options.command, (error, stdout, stderr) => {
      if (error) {
        console.error(`exec error: ${error}`);
        return;
      }
      console.log(`stdout: ${stdout}`);
      console.error(`stderr: ${stderr}`);
    });
  }
}

// In a vulnerable application, `options` might inherit from a polluted prototype
// Leading to `options.command` being attacker-controlled without explicit assignment.
// e.g., if a server component later calls executeCommand({}) and Object.prototype has a 'command' property.

Exploitation Vector

An unauthenticated attacker sends an HTTP POST request to a React Server Function endpoint. The request body contains a malicious Flight-encoded payload. This payload is engineered to exploit the insecure deserialization flaw, typically by leveraging prototype pollution to achieve arbitrary command execution.

A proof-of-concept (PoC) exploit often involves injecting properties that can manipulate process execution functions, such as those found in Node.js's child_process module. For instance, an attacker could pollute the prototype to define a shell or command property that gets picked up by an unsuspecting server-side function.

Example of a conceptual attack payload structure, demonstrating a simplified malicious client request: 


POST /_rsc/server-function-endpoint HTTP/1.1
Host: vulnerable-rsc-app.com
Content-Type: text/plain;charset=UTF-8
Content-Length: [length_of_payload]

I{"id":0,"chunks":["J1:\$L0"],"$L0":null}
M0:{"call":["_","_","_","require"],"args":["child_process"]}
M1:{"call":["_","0","execSync"],"args":["id > /tmp/rce_output.txt"]}

This hypothetical payload snippet illustrates how an attacker might attempt to manipulate the server. The "I" segment could initiate a special instruction, and subsequent "M" segments could call server-side functions or manipulate object states, eventually leading to arbitrary code execution (e.g., writing the output of the id command to a file). Public proof-of-concept exploits were readily available shortly after disclosure.

Affected Versions

The vulnerability impacts several core React packages responsible for server rendering and their downstream dependencies.

Package Vulnerable Versions Patched Versions
react-server-dom-webpack 19.0.0 through 19.2.0 19.0.1+, 19.1.2+, 19.2.1+
react-server-dom-parcel 19.0.0 through 19.2.0 19.0.1+, 19.1.2+, 19.2.1+
react-server-dom-turbopack 19.0.0 through 19.2.0 19.0.1+, 19.1.2+, 19.2.1+
Next.js (App Router) 15.x and 16.x 15.0.5+, 15.1.9+, 15.2.6+, 15.3.6+, 15.4.8+, 15.5.7+, or 16.0.7+

Even applications that do not explicitly implement React Server Function endpoints may still be vulnerable if they support React Server Components.

Impact

The impact of CVE-2025-55182 is severe, as it grants unauthenticated attackers the ability to execute arbitrary code with the privileges of the web server process. This can lead to:

  • Infrastructure Compromise: Attackers gain full remote access to the server, enabling filesystem access, credential harvesting, and installation of persistent access mechanisms.
  • Data Exfiltration: Sensitive data such as customer databases, API keys, intellectual property, or business logic can be exfiltrated.
  • Lateral Movement: Compromised servers become pivot points for deeper network penetration, targeting internal systems, databases, and cloud resources (e.g., acquiring identity tokens from Azure IMDS, AWS, GCP endpoints).
  • Service Disruption and Ransomware: The vulnerability has been observed to be leveraged in ransomware campaigns and for deploying cryptominers (e.g., XMRig).
  • Source Code Exposure: While distinct from the RCE, related vulnerabilities (CVE-2025-55183) discovered during patch analysis highlighted the risk of compiled source code exposure.

Exploitation activity was detected as early as December 5, 2025, with China-nexus threat groups and financially motivated actors actively leveraging the flaw.

Mitigation Strategies

Immediate patching is the primary and most effective mitigation. Organizations must upgrade to the patched versions of React and Next.js as soon as possible.

  • Upgrade React: Update react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack to versions 19.0.1, 19.1.2, or 19.2.1 or higher.
  • Upgrade Next.js: For Next.js applications using the App Router, upgrade to versions 15.0.5+, 15.1.9+, 15.2.6+, 15.3.6+, 15.4.8+, 15.5.7+, or 16.0.7+.
  • Disable Server Functions (Temporary): If immediate patching is not feasible, disable Server Functions if possible. This is a temporary measure and should not be relied upon for full protection.
  • Web Application Firewall (WAF) Rules: Deploy WAF rules to detect and block malicious payloads targeting React Server Component endpoints. Cloudflare, for example, introduced a WAF rule as a temporary mitigation. These rules should focus on detecting anomalous patterns in incoming HTTP POST requests to RSC endpoints, particularly those attempting to manipulate JavaScript object prototypes or execute suspicious commands.
  • Principle of Least Privilege: Ensure that the user running the Node.js process for React applications has the minimum necessary privileges to reduce the impact of a successful RCE.
  • Network Segmentation: Isolate critical backend services from internet-facing React applications to limit lateral movement.
  • Input Validation and Sanitization: While a fix is in place at the framework level, developers should consistently apply strict input validation and sanitization for all client-supplied data, especially when it is destined for server-side processing or deserialization.

Detection and Remediation

Organizations should inventory applications using React 19.x and Next.js 15.x or 16.x with the App Router. Manual identification involves reviewing node_modules for affected packages and validating versions.

Tools like Dependabot or Socket can monitor for vulnerable dependencies. Runtime Application Self-Protection (RASP) solutions can integrate with applications to provide continuous security monitoring and protection by detecting and blocking malicious execution flows. Endpoint Detection and Response (EDR) solutions, such as Microsoft Defender for Endpoint, have expanded detection frameworks to identify and alert on CVE-2025-55182 activity.

Indicators of Compromise (IoCs) to look for include:

  • Unusual outbound network connections from the Node.js process to untrusted external IPs.
  • Creation of suspicious files (e.g., webshells, cryptominer executables) in unexpected directories.
  • Unusual child processes spawned by the Node.js application (e.g., sh, bash, cmd.exe, powershell.exe executing suspicious commands).
  • Spikes in CPU utilization not correlated with legitimate traffic, potentially indicating cryptomining activity.
  • Attempts to access cloud metadata service endpoints (e.g., 169.254.169.254) from the application server.

Example command to check for suspicious processes: 


# On Linux
ps aux | grep node | grep -v grep | awk '{print $2}' | xargs -I {} sh -c 'ls -l /proc/{}/exe 2>/dev/null; cat /proc/{}/cmdline 2>/dev/null'

# Look for unexpected commands or arguments, especially those involving
# `curl`, `wget`, `sh`, `bash`, `python`, `php`, etc.

Organizations should conduct thorough forensic investigations of any suspected exploitation, including analyzing access logs, server logs, and network traffic. Remediation should involve patching, revoking potentially compromised credentials, and rebuilding affected environments from trusted sources.