React2Shell CVE-2025-55182 exposes servers to remote code execution. Learn risks, impacted frameworks, and urgent remediation steps.

Dynatrace's platform is a central hub for IT professionals and DevOps teams, offering insights into application performance monitoring, cloud observability, and digital experience management. Through articles, case studies, and industry reports, Dynatrace offers insights into monitoring distributed systems, detecting performance bottlenecks, and optimizing application performance. Readers can learn about end-to-end visibility, AI-driven analytics, and automation solutions to deliver superior digital experiences for users.

Dynatrace

A critical vulnerability (CVE-2025-55182) in React's Flight protocol enables remote code execution on servers using React Server Components. The flaw affects Next.js, React Router, Waku, and related frameworks through unsafe deserialization. Proof-of-concept exploits are publicly available and active scanning is underway. Organizations must immediately upgrade to patched versions: React Server Components to 19.0.1+, 19.1.2+, or 19.2.1+, and Next.js to 15.0.5+ or 16.0.7+. Client-only React applications and Next.js 13.x/14.x stable versions are not affected.

CVE-2025-55182: React2Shell Critical Vulnerability: What it is and what to do

Technical details of the React2Shell vulnerability

Detecting React2Shell (CVE-2025-55182) with Runtime Vulnerability Analytics