CVE-2025-55182 (React2Shell)

STATUS UPDATE (December 13, 2025): Exploitation continues with confirmed China-nexus APT activity. Three additional CVEs disclosed (CVE-2025-55183, CVE-2025-55184, CVE-2025-67779). Latest patches: React 19.2.3 and Next.js 16.0.10+ address all vulnerabilities. Major cloud providers have deployed platform-level protections, but upgrade remains mandatory.

CRITICAL UPDATE (December 6, 2025): Security researchers confirm active exploitation in the wild. CVE-2025-55182, now widely known as “React2Shell,” has been integrated into Mirai and other botnet exploitation toolkits. Nearly 50% of attacking IPs are newly registered infrastructure (December 2025). Post-exploitation activities include cryptocurrency mining, credential theft, and ransomware staging.

Disclosure Notice: This vulnerability was publicly disclosed on December 3, 2025. If you’re running Next.js 14.3+, 15, or 16 with React Server Components, you should upgrade immediately, regardless of your hosting provider.

TL;DR:

What: CVE-2025-55182 (“React2Shell”) is a critical remote code execution (RCE) vulnerability in React Server Components (RSC).
When: Publicly disclosed December 3, 2025; active exploitation confirmed December 6, 2025.
Who: Affects React 19.0.0 - 19.2.0 and Next.js ≥14.3.0-canary.77, all 15.x, all 16.x.
Why: RCE allows attackers to execute arbitrary code on your server, access secrets, and pivot within your infrastructure.
How: Upgrade immediately to React 19.2.3+ and Next.js 16.0.10+ for complete protection (addresses 4 related CVEs).

Today we witnessed defense in depth working exactly as intended. Within hours of CVE-2025-55182 being disclosed, a critical remote code execution vulnerability in React Server Components, we received alerts from two different sources:

Vercel’s dashboard, warning us that WAF rules were already protecting our production deployment
Dependabot PR #87, automatically upgrading Next.js from 16.0.6 to 16.0.7

Vercel Dashboard Alert

This is what modern security infrastructure looks like: multiple layers working in concert. Vercel’s WAF provided immediate protection before we could even review the PR, while Dependabot delivered the actual patch for permanent remediation.

In this post, we’ll break down what CVE-2025-55182 is, why it matters, how these layered defenses protected our app, and what you should do to secure your own projects.

What Is CVE-2025-55182 (React2Shell)?

CVE-2025-55182, also known as “React2Shell” in the security community, is a critical-severity vulnerability affecting React Server Components (RSC). Under certain conditions, specially crafted requests can lead to unintended remote code execution (RCE) on the server.

The vulnerability exists in React 19’s server-side rendering packages:

react-server-dom-parcel
react-server-dom-webpack
react-server-dom-turbopack

For Next.js specifically, there’s a related CVE: CVE-2025-66478.

Why This Matters

RCE vulnerabilities are among the most severe security issues. An attacker exploiting this could potentially:

Execute arbitrary code on your server
Access environment variables and secrets
Pivot to other services in your infrastructure
Exfiltrate sensitive data

This isn’t a theoretical risk—it’s actively exploited in the wild with confirmed botnet integration.

Am I Affected?

If you’re using React Server Components with any of these versions, you’re affected:

Package	Affected Versions	Fixed Versions	Recommended (Dec 13, 2025)
React	19.0.0 - 19.2.0	19.0.1, 19.1.2, 19.2.1+	19.2.3+ (addresses all 4 CVEs)
Next.js	≥14.3.0-canary.77, all 15.x, all 16.x	15.0.5+, 16.0.7+	16.0.10+ (latest hardened)

Other affected frameworks: Vite with RSC, Parcel, React Router (RSC), RedwoodSDK, Waku

Quick check for Next.js projects:

# Check your current versions
npm ls next react
 
# Or in your package.json
cat package.json | grep -E '"(next|react)"'

How Vercel Beat the Bots

Attack Chain Context: Exploitation is fully automated, progressing from scanner identification to payload deployment in under 10 seconds. Attackers use PowerShell arithmetic validation (powershell -c "40138*41979"), encoded payloads, AMSI bypasses, then deploy cryptocurrency miners, backdoors, and credential harvesters.

Here’s what makes this disclosure interesting from a DevSecOps perspective: Vercel’s platform detected and mitigated this vulnerability before Dependabot could even create a PR.

Threat Actor Activity

China-Nexus Groups (AWS Intelligence):

Earth Lamia and Jackpot Panda began exploitation within hours of December 3 disclosure
Systematically monitoring vulnerability disclosures and integrating public exploits
Simultaneously exploiting multiple N-day vulnerabilities (CVE-2025-1338 and others)
Using user agent randomization and automated scanning tools to evade detection

Wiz Research Findings:

39% of cloud environments contain vulnerable Next.js/React instances
44% of all cloud environments have publicly exposed Next.js applications
First confirmed victims compromised starting December 5, 6:00 UTC
Primary targets: Internet-facing Next.js applications and Kubernetes containers

Post-Exploitation Activity Observed:

Cloud credential harvesting (AWS credentials from environment variables, metadata)
Base64-encoding credentials in preparation for exfiltration
Sliver malware framework installation for persistence
Cryptocurrency mining operations
Ransomware staging infrastructure setup

The Timeline

The disclosure and exploitation unfolded rapidly:

December 3, 2025 - Pre-disclosure: Vercel coordinates with the React team, develops WAF rules
December 3, 2025 - Public disclosure: CVE-2025-55182 and CVE-2025-66478 are published
December 3, 2025 - Immediate WAF deployment: Vercel automatically deploys protection rules
December 3, 2025 - 20:49 UTC - Same-day Dependabot PR: PR #87 arrives
December 4, 2025 - 21:04 UTC: Rapid7 validates weaponized exploit; proof-of-concept exploits become publicly available
December 4, 2025 - AWS Threat Intelligence: China-nexus threat actors (Earth Lamia, Jackpot Panda) actively exploiting within hours of disclosure
December 4, 2025 - Exploitation begins: Active scanning and exploitation attempts detected globally across honeypots
December 5, 2025 - 06:00 UTC: Wiz Research sensors identify first victims compromised; rapid expansion of exploitation observed
December 5, 2025 - CISA KEV Addition: CVE-2025-55182 added to CISA’s Known Exploited Vulnerabilities list
December 5, 2025 - Lachlan Davidson PoC: Original discoverer publishes official proof-of-concept; Metasploit exploit module available
December 5, 2025 - 23:44 UTC: Vercel partners with HackerOne for responsible disclosure ( $25k-$ 50k bounties)
December 6, 2025 - 06:29 UTC: Vercel releases automated fix tool

Both systems worked, but with different roles and limitations:

Vercel’s WAF: Defense-in-depth layer (mitigation, not complete protection)
Dependabot: Same-day patch delivery (complete remediation)

Exploitation Tool Maturity

As of December 8, 2025:

Multiple working weaponized exploits publicly available
Metasploit module integrated into standard toolkit
Automated scanning tools widely adopted by threat actors
Payload variations observed as attackers refine techniques against real targets
High-fidelity exploitation with near 100% success rate reported by researchers

Vercel’s Approach

Vercel coordinated with the React team pre-disclosure, deployed WAF rules automatically to all projects, and continuously improved protections as bypass variants emerged. They released automated fix tooling (npx fix-react2shell-next) and began blocking new vulnerable deployments.

“We have created new WAF rules to address this vulnerability and deployed them to Vercel WAF that will automatically and at no cost protect all projects hosted on Vercel.” — Jimour Lai, Vercel Security Engineer

Important WAF Limitations: Vercel acknowledges that “WAF rules are one layer of defense but can never guarantee 100% coverage.” As new exploit variants emerged (evidenced by payload variations observed on December 8), Vercel identified and patched WAF bypasses, but upgrading remains the only complete fix.

CISA Recognition: The addition of CVE-2025-55182 to CISA’s Known Exploited Vulnerabilities list on December 5 signals that this is now considered a priority threat by federal agencies, underscoring the urgency of remediation.

This means that while the WAF provided valuable defense-in-depth, our production deployment wasn’t truly secure until we merged the upgrade. The WAF bought us time and reduced risk, but it wasn’t a substitute for patching.

The Broader Impact

Vercel also worked with the React team to provide recommendations to major WAF and CDN providers. This collaborative approach helps protect the broader ecosystem, not just Vercel customers.

New Vulnerabilities Discovered

Following the disclosure of React2Shell, security researchers discovered three additional vulnerabilities in React Server Components (December 11-13, 2025):

CVE	Severity	Impact	Patched In
CVE-2025-55183	Medium	Source code exposure	React 19.2.2+
CVE-2025-55184	High	Denial of Service	React 19.2.2+
CVE-2025-67779	High	DoS (incomplete CVE-2025-55184 fix)	React 19.2.3+

Recommendation: Upgrade directly to React 19.2.3 to address all four vulnerabilities in one update.

Confirmed APT Activity

Google Threat Intelligence Group (GTIG) has identified multiple China-nexus threat clusters actively exploiting CVE-2025-55182:

Earth Lamia (tracked as UNC5454 by GTIG)
Jackpot Panda (relationship unknown)
UNC6586 (separate China-nexus cluster)

New Malware Families Deployed:

MINOCAT tunneler - Network persistence and lateral movement
SNOWLIGHT downloader - Secondary payload delivery
HISONIC backdoor - Command and control
COMPOOD backdoor - Data exfiltration
XMRIG cryptocurrency miners - Resource hijacking

Scale of Exploitation (December 5-13, 2025):

800+ IP addresses conducting active scanning
Multiple victim organizations confirmed compromised
Post-exploitation activities include credential harvesting, cloud infrastructure pivoting, and cryptocurrency mining

Enhanced Cloud Provider Defenses

Google Cloud:

Automatic Cloud Armor WAF rules deployed
Platform-level protections for App Engine, Cloud Functions, Cloud Run
Firebase hosting automatic rule enforcement

AWS:

Sonaris active defense deployment
Enhanced AWS WAF managed rules (AWSManagedRulesKnownBadInputsRuleSet v1.24+)
Threat intelligence team monitoring and customer notification

Important: These platform protections are interim measures only. Patching vulnerable applications remains mandatory.

How to Fix It

Even with cloud provider WAF protections, you must still upgrade. WAF rules provide interim protection but are not a permanent fix.

For Next.js Projects

# Upgrade to the latest patched versions (December 13, 2025)
npm install next@latest react@latest react-dom@latest
 
# Or specify exact versions addressing all 4 CVEs
npm install next@16.0.10 react@19.2.3 react-dom@19.2.3

Verify Your Upgrade

After upgrading, confirm the versions:

npm ls next react react-dom

You should see versions at or above the patched releases listed in the table above.

For Other RSC Frameworks

Check your framework’s documentation for specific upgrade instructions. The underlying fix is in React itself, so ensure you’re on React 19.0.1, 19.1.2, or 19.2.1+.

Detection & Response

If you suspect your application may have been compromised, here’s how to investigate:

Signs of Compromise

Monitor your systems for these indicators:

Unusual POST requests with patterns like:
- _prefix, _chunks, _formData in request bodies
- Large encoded payloads
- Requests to uncommon RSC endpoints
PowerShell execution (Windows servers):
- Commands with -enc or -EncodedCommand flags
- Base64-encoded command parameters
- Arithmetic validation commands (e.g., powershell -c "40138*41979")
Windows Event Logs (Event ID 4104 - PowerShell Script Block Logging):
- AMSI bypass attempts containing strings like:
  - System.Management.Automation.AmsiUtils
  - amsiInitFailed
  - Reflection-based attacks
Network indicators:

Detection Code Samples

PowerShell Logging Query (Windows Event Log)

# Search for AMSI bypass attempts in PowerShell logs
Get-WinEvent -FilterHashtable @{
    LogName='Microsoft-Windows-PowerShell/Operational'
    Id=4104
} | Where-Object {
    $_.Message -match 'amsiInitFailed' -or
    $_.Message -match 'AmsiUtils' -or
    $_.Message -match 'System.Management.Automation'
} |

Check for Encoded PowerShell Commands

# Alert on suspicious encoded PowerShell with download patterns
Get-WinEvent -FilterHashtable @{
    LogName='Microsoft-Windows-PowerShell/Operational'
    Id=4104
} | Where-Object {
    $_.Message -match '-enc' -and
    ($_.Message -match 'DownloadString' -or $_.Message -match 'IEX')
}

Analyze Application Logs (Next.js/Node.js)

# Search for unusual POST patterns in application logs
grep -E 'POST.*(_prefix|_chunks|_formData)' /var/log/app/*.log
 
# Check for PowerShell execution in function logs
grep -iE 'powershell|cmd\.exe|/bin/sh' /var/log/app/*.log
 
# Look for base64 patterns in request bodies
grep -E 'base64|[A-Za-z0-9+/]{50,}=' /var/log/app/*.log

Network Traffic Analysis

# Check for connections to known mining pools or exfiltration services
netstat -an | grep -E '(3333|4444|5555|8080|8443)'
 
# Review DNS queries for exfiltration domains
tcpdump -i any -n 'udp port 53' | grep -E '(ceye\.io|dnslog\.cn)'

Immediate Actions

Verify your version (for Vercel customers):
- Open browser console on your production site
- Run: next.version
- Or check Vercel dashboard for vulnerability banner
Assume you’ve been scanned (if unpatched):
- Active scanning has been confirmed globally since December 4
- If running unpatched versions, assume attackers know about it
- Threat actors are actively debugging techniques (as of December 8)
Review recent logs for the patterns above:
- Application logs (check for POST requests with unusual payloads)
- WAF logs (look for spikes in blocked traffic)
- System event logs (especially PowerShell Event ID 4104)
- Network traffic logs (check for credential exfiltration patterns)
Check for post-exploitation indicators:
- Unexpected processes: cryptocurrency miners, Sliver malware, credential harvesters
- AWS metadata access attempts
- Base64-encoded credential exports
- New privileged user accounts
- Modified sudoers/etc/shadow files
Block known malicious IPs:
- Use GreyNoise blocklists
- Add IP filtering at CDN/WAF layer
- Consider geo-blocking if appropriate for your application
Upgrade immediately:

For Vercel Customers

Vercel provides additional detection assistance:

Dashboard banner: Check for vulnerability alerts in your Vercel dashboard
WAF logs: Review WAF validation traffic for spikes
Deployment blocking: New vulnerable deployments are automatically blocked

Remember: WAF protection is defense-in-depth, not a complete fix. Even if you see no exploitation attempts, upgrade immediately.

What This Means for RSC Security

React Server Components represent a significant architectural shift. They blur the line between client and server code, which creates new attack surfaces that didn’t exist in traditional client-side React.

This vulnerability is a reminder that:

Server-side code needs server-side security thinking. RSC isn’t “just React”, it’s React running in a privileged environment.
Framework-level protections matter. Vercel’s ability to deploy WAF rules across their platform demonstrates the value of managed infrastructure.
The disclosure process is evolving. Coordinated disclosure with platform providers can protect users faster than traditional CVE→Dependabot→CI workflows.

What We Did: Dependabot’s PR

After reviewing PR #87, we merged Dependabot’s upgrade from Next.js 16.0.6 to 16.0.7. Subsequently, we’ve received additional automated updates, bringing us to Next.js 16.0.10 and React 19.2.1 as of December 2025. Dependabot linked to the CVE, our CI validated each upgrade, and we deployed. Vercel’s WAF bought us time while Dependabot delivered the permanent fix—we weren’t scrambling, just approving the changes.

For Projects Without Dependabot

If you’re not using Dependabot or Renovate, here’s how to upgrade manually:

# Upgrade to the latest patched version
npm install next@latest react@latest react-dom@latest
 
# Or specify exact versions (December 2025 recommendations)
npm install next@16.0.10 react@19.2.1 react-dom@19.2.1

Verify your upgrade:

npm ls next react react-dom

Frequently Asked Questions

This is why upgrading is non-negotiable.

Key Takeaways

Upgrade immediately—this is under active exploitation: Botnet integration confirmed, mass scanning ongoing, post-exploitation includes cryptomining and ransomware staging
Use Vercel’s fix tool for fastest remediation: npx fix-react2shell-next automates the upgrade process
WAF protection is defense-in-depth, not a complete fix: WAF cannot guarantee 100% coverage; bypasses exist and new variants emerge
Monitor for compromise using the detection patterns: PowerShell Event ID 4104, encoded commands, AMSI bypasses, unusual network connections
Enable Dependabot security updates: Same-day PRs for critical vulnerabilities are invaluable (when you actually merge them)
RSC introduces server-side attack surfaces: React Server Components blur client/server boundaries, creating new security considerations
Expect long-term exploitation: This vulnerability will be part of the threat landscape indefinitely—unpatched systems will be found
Don’t test POCs on production: Use version checks and log analysis instead of running exploits

Lessons Learned

This incident highlights several important lessons for DevSecOps teams:

Defense in depth works: Vercel’s WAF and Dependabot provided layered protection
Automated tooling is essential: Automated fix tools and dependency management speed remediation
Proactive monitoring is critical: Detection patterns help identify potential compromises quickly
Collaboration matters: Coordinated disclosure with platform providers enhances ecosystem security

# Use Vercel's automated fix tool (recommended)
npx fix-react2shell-next
 
# Or manual upgrade
npm install next@latest react@latest react-dom@latest