The React Server Components vulnerability has dominated security discussions this week. CVE-2025-55182, also known as React2Shell, is a maximum-severity unauthenticated RCE affecting React 19, Next.js, and several related frameworks.

As soon as details about CVE-2025-55182 (React2Shell) emerged, our team rapidly validated exposure across all customer environments. We immediately notified every impacted customer with guidance and mitigation steps, ensuring they were protected before public exploitation began. Our rapid response and verification workflows, powered by NodeZero, allowed us to move quickly and with confidence.

If you need to upgrade, React patches are available in 19.0.1, 19.1.2, and 19.2.1. Next.js users should move to the patched releases, including 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, and 16.0.7.

Before and after patching, use the new Rapid Response test for CVE-2025-55182 to confirm whether your instances are actually exploitable and to validate that your fixes are effective.

Visit https://lnkd.in/gUk9PaGT to understand the issue and verify real exposure in minutes. More analysis from our research team is coming soon.
React Server Components Vulnerability: CVE-2025-55182 Patch Guidance