CVE-2025-55182: Frequently Asked Questions About React2Shell: React Server Components Remote Code Execution Vulnerability
www.tenable.com
React2Shell: A critical React flaw allowing unauthenticated RCE. Impacts include Next.js, React Router, and apps using Server Components.

I got an email from Vercel urging to upgrade Next.js based project 3 days ago. POC was published 2 days ago. Today I’ve checked my logs and I could already see attack attempts.