A ticking time bomb in modern web apps On December 3, 2025, maintainers of React.js revealed a critical vulnerability, tracked as CVE-2025-55182, affecting the “Server Components” feature in React and, by extension, many of its frameworks like Next.js. The vulnerability, which has been nicknamed “React2Shell”, allows unauthenticated attackers to run arbitrary code on a vulnerable server by merely issuing a specially crafted HTTP request. What makes this bug especially dangerous is that it exploits a core server-side mechanism that’s meant to enable modern, efficient web deployments, meaning many applications are vulnerable even if they haven’t implemented any custom server logic. As one security advisory says: even default deployments of React Server Components are exploitable. With a maximum severity rating (CVSS 10.0), React2Shell is among the worst kinds of vulnerabilities: one that can immediately lead to full server compromise, data theft, or downstream attacks. Threat actors wasted no time — widespread exploitation underway            React2Shell was officially made public at the end of June, and within hours of its announcement, we had observed the following: One or more organizations in China were probing for vulnerable servers and gaining unauthorized access. Indeed, the Earth Lamia and Jackpot Panda cybercrime organizations are known to have had access to high-impact vulnerabilities for many years in order to conduct espionage, steal data and launch supply-chain attacks against various sectors. They frequently target – among others – the financial, government, retail, logistics, IT services and educational sectors, and often do so in the regions of Southeast Asia, Latin America and the Middle East. The Hacker News They released reports of attempted remote-code execution and reconnaissance against compromised systems. Among the actions of these intruders were the creation of system commands (e.g. “who am I”), writing files to the compromised servers and reading critical files (/etc/passwd) stored on those servers. While it is not possible to accurately assess how many cloud-based publicly-accessible web apps are built on React or Next.js platforms, some estimates indicate that as many as 39% might contain an exploitable React / Next.js stack based on their current level of use. What React2Shell means for modern software and enterprises 1. Widely used frameworks — massively expanded risk surface Most of the interactive web apps and cloud services are powered by React and Next.js. Since React2Shell is about the server-side part of the default setup, a lot of developers, who maybe are not considered “at risk”, just got exposed. The vulnerability doesn’t go to the depth of the niche apps only; in fact, even the mainstream websites and big web platforms are susceptible.   2. Zero-day + public exploit = race against time Public proof-of-concept (PoC) exploit availability means attackers can hardly be stopped by sophisticated tooling or insider knowledge when exploiting vulnerable servers. In the case that a system is unpatched, then it becomes an easy target and the time frame can be as short as minutes from disclosure. React2Shell 3. Potentially severe consequences — from data breaches to full compromise React2Shell being an instance of remote code execution is the reason why attacker can virtually do everything, such as malware installation, lateral movement within the network, data exfiltration, web-shell or ransomware dropping, and using the compromised servers for the attacks to be sent further. The exposure risk is not only limited to the domain of data; hence, full server takeover is possible too. React Server Components 4. Trust in default configurations is broken — security must be proactive This issue demonstrates that even default installations, i.e., those without custom server code, are still vulnerable. Security teams cannot rely on the safety of “out-of-the-box” anymore. Hence, every deployment, framework version, and dependency should be ‍​‌‍​‍‌​‍​‌‍​‍‌audited. How to respond — immediate and strategic steps A situation has arisen where immediate action needs to be taken by organizations who utilize the React.js or Next.js (or other frameworks utilizing React Server Components). A direct course of action has been provided below to help guide this process. Where Sprit Network Fits In – Your Cybersecurity Ally in Turbulent Times At Sprit Network, we realize that issues like React2Shell do not only reveal weaknesses of the system but also put the business reputation, data integrity, and operational continuity at a risk. We are the solution to this problem in the following ways: We live in a world where even the most trusted frameworks can be turned into weapons overnight and this is the reason why having a proactive, experienced partner is more important than ever before. Sprit Network empowers you to turn the situation around from reactive firefighting to strategic risk management, thus, making vulnerabilities controllable challenges rather than existential ‍​‌‍​‍‌​‍​‌‍​‍‌threats. Conclusion: Urgency, Action, and Resilience The React2Shell vulnerability highlights the stark fact that modern web platforms, even what are considered the most popular “standard” web frameworks, are not free from potentially disastrous classes of vulnerabilities. Skilled attackers are already actively taking advantage of this vulnerability, making an action of slow response even more likely to result in being compromised, regardless of whether you are operating a web app for a startup or managing the large scale infrastructure of an enterprise. The time to take action has arrived to those currently using or planning to use React/Next.js: audit, patch and secure your web apps; and if you require the assistance of a cybersecurity expert, take advantage of vendor partners like Sprit Network. Cybersecurity isn’t a choice; it’s an absolute necessity in ensuring your organization does not become a target of cyber crime.