React2Shell exploit: What happened and lessons learned
SMRTR summary
React2Shell (CVE-2025-55182) is a critical vulnerability with a CVSS score of 10.0 that allows remote code execution on servers running React Server Components. The exploit abuses the React Flight protocol's deserialization process: it injects fake promises and hijacks internal references so that malicious JavaScript code is executed on the server through abuse of the Function() constructor.
SMRTR provides this summary for quick context. The original article belongs to LogRocket.