React2Shell (CVE-2025-55182)What? A 10.0 critical severity vulnerablility affecting server-side use of React.js, tracked as CVE-2025-55182 in React.js and CVE-2025-66478 specifically for the Next.js framework. This vulnerability was responsibly disclosed by myself, Lachlan Davidson on 29 November 2025 PT to the Meta team. Initial disclosure and patch release was performed by React and Vercel on 3 December 2025 PT. Update: Pr
