security: Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
Microsoft Security Blog
2025-12-15
The Microsoft Security Blog post describes CVE-2025-55182 (React2Shell), a critical pre-authentication remote code execution vulnerability that affects React Server Components and related frameworks. The advisory notes that CVE-2025-66478 was merged into CVE-2025-55182.