CVE-2025-55182: Meta React Server Components Remote Code Execution

Meta React Server Components Remote Code Execution Vulnerability. Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025- 55182.

• CISA KEV-listed (remediation due 2025-12-12)
• used in ransomware campaigns
• EPSS 85.2% (99.4% percentile)

Detection rules

• Linux Suspicious Child Process from Node.js - React2Shell high
• Windows Suspicious Child Process from Node.js - React2Shell high

Browse the CVE database

Read the full analysis on IntelFusions