Introduction to React2Shell
A few days ago, two vulnerabilities were disclosed, each rated critical because of their potential impact on affected systems: CVE-2025-55182 and CVE-2025-66478, collectively referred to as React2Shell. They are newly identified weaknesses in React Server Components (RSC) and in the Next.js implementation of RSC. The vulnerability is not always visible at first glance; confirming whether a deployment is affected requires a thorough scan of the versions actually running.
What Is React2Shell and What Risks Hide Behind Remote Code Execution?
Global Next.js Exposure Report: 454K Potential Targets for React2Shell Exploitation
Source: shodan.io
Based on global scanning data from Shodan, 454,293 Next.js hosts are currently exposed to the internet. This reflects the massive worldwide adoption of Next.js and shows how large the potential blast radius would be if a vulnerability like React2Shell were exploited at scale. Note that Shodan counts hosts it fingerprints as Next.js; it does not confirm that each host runs a vulnerable version, so the figure is an upper bound on exposure, not a count of vulnerable systems.
Source: shodan.io
The chart above shows that Next.js adoption keeps accelerating year over year. Over 24 months the number of public hosts rose from 237,694 to 512,742, an aggressive global adoption rate and a rapidly expanding exposure surface.
So, what exactly is React2Shell? It is a Remote Code Execution (RCE) vulnerability in the server side of React Server Components: an attacker who can reach an affected application over the network sends a crafted request that the server-side RSC code processes unsafely, which lets the attacker tamper with data and ultimately run arbitrary code on the server. RCE is the outcome, not the mechanism, and it is the worst outcome a web vulnerability can have, because the attacker inherits whatever the Node.js process can do on that host.
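The first thing a practitioner wants to know is which installed React Server Components runtime packages and which Next.js version each application actually ships, including nested copies pulled in by dependencies, and whether each one is at or above the fixed release for its MAJOR.MINOR line. The script below is an added example and is not code from the original article or from the React or Next.js projects. It walks a lockfileVersion 2/3 `package-lock.json`, collects every installed copy of the packages named in `RSC_PACKAGES` (the list of package names is an assumption and should be taken from the vendor advisories), and flags each against a caller-supplied table of fixed versions. The fixed versions and the lockfile in the block are constructed placeholders so the example runs offline; replace them with the versions listed in the advisories for CVE-2025-55182 and CVE-2025-66478 before using the script on a real repository.

```javascript
// Added example (not part of the original article): inventory the React
// Server Components runtime packages and the Next.js version recorded in a
// package-lock.json and compare each against a caller-supplied list of
// fixed versions. The package names below are an assumption; take the
// authoritative list and the fixed versions from the vendor advisories.

const RSC_PACKAGES = [
  "next",
  "react-server-dom-webpack",
  "react-server-dom-turbopack",
  "react-server-dom-parcel",
];

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// Comparator returning <0, 0 or >0. A prerelease sorts below its release,
// so "19.1.2-canary.1" is treated as older than "19.1.2".
function compareSemver(a, b) {
  const x = parseSemver(a), y = parseSemver(b);
  for (const k of ["major", "minor", "patch"]) {
    if (x[k] !== y[k]) return x[k] - y[k];
  }
  if (x.pre === y.pre) return 0;
  if (x.pre === null) return 1;
  if (y.pre === null) return -1;
  return x.pre < y.pre ? -1 : 1;
}

// A version is patched if, within its MAJOR.MINOR line, it is >= the fixed
// version for that line. A line with no known fixed release is reported as
// unpatched (fail closed) so it gets looked at rather than silently passed.
function isPatched(version, fixedVersions) {
  const v = parseSemver(version);
  const line = fixedVersions.find(f => {
    const p = parseSemver(f);
    return p.major === v.major && p.minor === v.minor;
  });
  if (!line) return false;
  return compareSemver(version, line) >= 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// collect every installed copy of the named packages. Keys look like
// "node_modules/next" or, for a nested copy,
// "node_modules/<dep>/node_modules/react-server-dom-webpack".
function findRscPackages(lock, names = RSC_PACKAGES) {
  const found = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path) continue; // "" is the root project itself
    const marker = "node_modules/";
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    if (names.includes(name) && entry.version) {
      found.push({ name, path, version: entry.version });
    }
  }
  return found;
}

// One row per installed copy, with a patched flag for that copy's line.
function reportVulnerable(lock, fixed, names = RSC_PACKAGES) {
  return findRscPackages(lock, names).map(p => ({
    ...p,
    patched: isPatched(p.version, fixed[p.name] || []),
  }));
}

// Constructed sample lockfile (not a real project): a top-level copy of each
// package plus an up-to-date nested copy hidden under a UI dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "shop-frontend", version: "1.0.0" },
    "node_modules/next": { version: "15.3.2" },
    "node_modules/react-server-dom-webpack": { version: "19.1.0" },
    "node_modules/some-ui-kit/node_modules/react-server-dom-webpack": { version: "19.1.2" },
  },
};

// Placeholder fixed versions (assumption): replace with the advisory's list.
const SAMPLE_FIXED = {
  "next": ["15.3.6"],
  "react-server-dom-webpack": ["19.1.2"],
};

for (const r of reportVulnerable(SAMPLE_LOCK, SAMPLE_FIXED)) {
  console.log(`${r.patched ? "OK  " : "VULN"} ${r.name}@${r.version} (${r.path})`);
}
```

Two design choices matter here. Nested copies are reported separately because a patched top-level `next` does not fix an older `react-server-dom-webpack` that a dependency bundles under its own `node_modules`; the server still loads that older copy. And a version whose MAJOR.MINOR line has no fixed release in the table is reported as unpatched rather than skipped, so that an unexpected line (for example a canary build) is reviewed instead of passing unnoticed. On a real estate, run the same logic over the lockfile of every deployable service, not only the repository you remember being a Next.js app.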
Why React2Shell is a Serious Problem
React2Shell gives attackers a path to:
- Modify or steal data
- Execute malicious code on your server
- Gain access to internal systems
- Launch further attacks inside your network
This Is What Your Company Should Do First
Solution 1: Free Consultation (Recommended for All Companies)
We offer consultancy services to help clients understand what steps they need to take to strengthen their cybersecurity posture. Talk directly with our Cyber Security Team to find out where you stand.
Solution 2: Quick Vulnerability Scan (React2Shell Check)
Sawah Cyber Security, a Managed Security Service Provider (MSSP) based in Bali, runs a Continuous Penetration Test to determine whether your systems are affected by this vulnerability.
Solution 3: Continuous Protection with Attack Surface Management (ASM)
Sawah Cyber Security provides an Attack Surface Management (ASM) service in partnership with a leading technology partner, Searchlight Cyber, to help organizations close these gaps using the tools and capabilities included in our service portfolio.
Call for Collaboration – Secure Your Company/Organization with Sawah Cyber Security.
For existing clients of Sawah Cyber Security, protection and consultancy services are already in place. For new clients, we can provide a range of solutions and recommendations.
We also provide Attack Surface Management together with our exclusive partner AssetNote. If your company needs the tool, feel free to contact us.
📩 Contact us at [email protected]
Let's collaborate to build a safer and more resilient digital Indonesia.