THREAT OPS › CVEs › CVE-2025-55182
CVE-2025-55182 — Meta React Server Components Remote Code Execution Vulnerability
Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025- 55182.
Vulnerability details
- Affected productsReact Server Components
- KEV remediation due2025-12-12
Exploiting threat actors
- Earth LuscaG1006
- Mustang PandaG0129
Related reporting
- At Mythos Speed: A Defender's Playbook for the AI Vulnerability Surge in 2026recordedfuture
- CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Fargreynoise_blog
- React Server Components Exploitation Consolidates as Two IPs Generate Majority of Attack Trafficgreynoise_blog
- AI Threat Landscape Digest March-April 2026checkpoint_research
- JSAC2026 -Day 1-jpcert_blog
- Multiple Threat Actors Rapidly Exploit React2Shell: A Case Study of Active Compromisejpcert_blog
- Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomwaredfirreport
- PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scalesentinelone
- June 2026 CVE Landscaperecordedfuture