Critical Security Advisory
React2Shell (CVE-2025-55182): The CVSS 10.0 RCE Shaking the JavaScript Ecosystem
December 6, 2025 | Critical Security Advisory Executive Summary The JavaScript ecosystem is facing one of its most severe security crises in recent memory. CVE-2025-55182, dubbed "React2Shell" by security researchers, is a maximum-severity (CVSS 10.0) remote code execution vulnerability affecting React Server Components that allows unauthenticated attackers to