security: Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
Microsoft Security Blog
2025-12-15
Microsoft Security Blog published an advisory on CVE-2025-55182 (React2Shell), a critical pre-authentication remote code execution vulnerability that affects React Server Components and related frameworks; the advisory notes that CVE-2025-66478 was merged into this issue.