{"id":18462,"date":"2025-12-06T02:31:08","date_gmt":"2025-12-06T02:31:08","guid":{"rendered":"https:\/\/sekuritasit.com\/?p=18462"},"modified":"2025-12-06T02:31:08","modified_gmt":"2025-12-06T02:31:08","slug":"react2shell-remote-code-execution-rce-vulnerabilty","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2025\/12\/06\/react2shell-remote-code-execution-rce-vulnerabilty\/","title":{"rendered":"React2Shell Remote Code Execution (RCE) Vulnerabilty"},"content":{"rendered":"\n\n\n\n <\/colgroup>\n\n\n\n\n
\n

\n What is the Vulnerability?\n <\/p>\n<\/td>\n

\n

\n React2Shell is a critical unauthenticated RCE vulnerability impacting React Server Components (RSC) and frameworks that implement the Flight protocol, including affected versions of Next.js. A remote attacker can send a specially crafted RSC request that triggers server-side deserialization and arbitrary code execution with no user interaction required.<\/p>\n

Exploitation enables full server takeover, installation of backdoors, credential harvesting, and lateral movement. Given the widespread adoption of React\/Next.js in production environments, organizations should patch immediately, enforce WAF restrictions on RSC endpoints, and conduct proactive hunts for suspicious Node.js process spawning, abnormal RSC requests, or unexpected outbound connections.<\/p>\n

Some PoCs circulating may be incomplete\/misleading: treat public PoCs cautiously until validated.\n <\/p>\n<\/td>\n<\/tr>\n

\n

\n What is the recommended Mitigation?\n <\/p>\n<\/td>\n

\n
    \n
  • \n

    \n React Server-Side Flight Libraries:
    \n
    \n react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack (specific vulnerable versions are outlined in the vendor advisories).\n <\/p>\n<\/li>\n

  • \n

    \n Frameworks Implementing RSC\/Flight:
    \n
    \n Frameworks such as Next.js (notably certain versions within the 15\u201316 range) and other ecosystem frameworks that embed React Server Components (RSC) or Flight functionality.\n <\/p>\n<\/li>\n

  • \n

    \n Organizations should review the vendor advisories for complete version details, mitigation steps, and updated guidance.\n <\/p>\n<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n

\n

\n What FortiGuard Coverage is available?\n <\/p>\n<\/td>\n

\n