CVE-2025-66478 - Geek Feed

Security
Tech News

Critical React, Next.js flaw lets hackers execute code on servers

December 7, 2025December 7, 2025 geekfeed0Tagged CVE-2025-55182, CVE-2025-66478, Next.js, rce, React2Shell, ReactJS, Remote Code Execution, vulnerability

A maximum severity vulnerability, dubbed ‘React2Shell’, in the React Server Components (RSC) ‘Flight’ protocol allows remote code execution without authentication in React and Next.js applications. The security issue stems from insecure deserialization. It received a severity score of 10/10 and has been assigned the identifiers CVE-2025-55182 for React and CVE-2025-66478 (CVE rejected in the National Vulnerability Database) for Next.js. Security researcher Lachlan Davidson discovered […]

3 mins read