| Details | |
|---|---|
| Alert ID | 40048 |
| Alert Type | Active |
| Status | release |
| Risk | High |
| CWE | 78 |
| WASC | 32 |
| Technologies Targeted | Framework / Next.js, Framework / React |
| Tags | CVE-2025-55182 CVE-2025-66478 CWE-78 HIPAA OWASP_2017_A01 OWASP_2021_A03 PCI_DSS POLICY_DEV_CICD POLICY_DEV_FULL POLICY_DEV_STD POLICY_PENTEST POLICY_QA_CICD POLICY_QA_FULL POLICY_QA_STD |
| More Info | Scan Rule Help |
Summary
The server is running Next.js with a vulnerable version of React Server Components (CVE-2025-55182, also referenced as CVE-2025-66478 for Next.js). The flaw is in the handling of Server Function requests, which are reachable without authentication, so a remote attacker can execute arbitrary code on the server.
Solution
Upgrade the React Server Components packages you use (react-server-dom-webpack, react-server-dom-parcel or react-server-dom-turbopack) to a fixed release: 19.0.1, 19.1.2 or 19.2.1, or the latest version of your release line. Next.js ships its own bundled copy of these packages, so Next.js applications must also upgrade the next package to a release that addresses CVE-2025-66478. Rebuild and redeploy, then re-run the scan to confirm the alert no longer fires.
Other Info
The scan rule verifies that the server is running vulnerable React Server Components and that the remote code execution (RCE) condition is present, without causing any damage to the target: it forces an error with a malformed multipart request and checks the response for a string that confirms RCE is possible. Because the check keys on the content of that error response, custom error handling that rewrites or suppresses response bodies can hide the marker; a clean result therefore does not prove the server is patched, and the installed versions should be confirmed directly.
References
- https://react2shell.com/
- https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
- https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/