Saved February 14, 2026
Do you care about this?
The React2Shell vulnerability allows unauthenticated remote code execution in React Server Components, posing a significant risk for affected applications. Organizations using vulnerable versions must patch immediately to prevent exploitation. Runtime detection and WAF rules can offer temporary protection, but fixing the code is essential.
If you do, here's more
On December 3, 2025, the React Team revealed a critical vulnerability, CVE-2025-55182, in React Server Components, named "React2Shell." This flaw has a maximum CVSS score of 10.0, allowing attackers to execute arbitrary code through a single crafted HTTP request. The vulnerability affects specific versions of React (19.0.0 through 19.2.0) and downstream frameworks like Next.js, which has its own tracking ID, CVE-2025-66478. Researchers noted that exploitation success rates are alarmingly high, nearing 100% against default configurations, making it likely that this vulnerability will be widely exploited.
The flaw lies in the unsafe deserialization of HTTP requests, allowing attackers to manipulate server-side execution. This opens up significant risks, including data theft, lateral movement within networks, and the deployment of ransomware. The implications are severe, as the vulnerability can be automated for mass attacks across the internet. Organizations using React with Server Components must take immediate action to patch their systems.
Sysdig's Threat Research Team has developed a detection rule for React2Shell that can be implemented in Sysdig Secure. They recommend that organizations running affected versions of React update immediately and also deploy runtime detection tools. Meanwhile, various cloud providers are rolling out web application firewall (WAF) rules to block potential exploit attempts, but these should not be the sole line of defense. Comprehensive patching is essential, and organizations should verify their installed versions against the patched releases listed for React and Next.js.