Expanding React2Shell for Serverless Lambda Function Originally posted on our website: https://www.prodefense.io/blog/react2shell-for-lambdas

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

CVE-2025-55182 (React2Shell) affects serverless Lambda deployments running Next.js via OpenNext.js, but existing scanners miss it because they look for traditional shell-based RCE. In Lambda's bundled environment, Webpack accidentally blocks shell access, but the vulnerability still enables Server-Side JavaScript Injection (SSJI), allowing attackers to exfiltrate AWS credentials and environment variables through fetch() calls. The architectural differences between traditional Next.js servers and Lambda's event-driven model transform how the RSC protocol vulnerability manifests, requiring detection methods that probe the execution environment rather than attempting shell commands.

Expanding React2Shell for Serverless Lambda Function

Understanding Serverless Next.js Deployments

Why This Matters for React2Shell (CVE-2025–55182)

Get Matthew Keeley’s stories in your inbox

Why Traditional RCE is Blocked (Accidentally)

The Power of SSJI: Stealing the Keys to the Kingdom