CVE-2025-55183 and CVE-2025-55184: New React RSC Vulnerabilities Expose Applications to Denial of Service Attacks and Source Code Leaks
A newly disclosed maximum-severity vulnerability in React Server Components (RSC), known as React2Shell (CVE-2025-55182), has rapidly escalated into a serious threat. Multiple China-aligned state-backed groups have been observed exploiting the flaw in the wild to achieve RCE against vulnerable React deployments. In response to the exploitation of CVE-2025-55182, the React team also released additional fixes for newly identified RSC issues that could lead to denial-of-service (DoS) attacks or source code disclosure, tracked as CVE-2025-55183 and CVE-2025-55184, as well as CVE-2025-67779, which addresses an incomplete fix for CVE-2025-55184 with the same security impact.
React2Shell exploitation has moved quickly, with in-the-wild attacks going well beyond opportunistic scanning. For instance, shortly after the disclosure of CVE-2025-55182, researchers identified EtherRAT, an advanced implant deployed through React2Shell. Its capabilities mirror DPRK’s “Contagious Interview” operations, suggesting either a tactical pivot by North Korea-linked actors or the sharing of sophisticated tools among state-sponsored groups. Explore more about the attack details along with mitigation and response guidance, and get relevant detections, simulations, and full threat intel using SOC Prime’s Active Threats.
While the React2Shell attacks were unfolding, defenders were confronted with the set of new RSC vulnerabilities mentioned above, which demand a rapid response from security teams to minimize the risk of exploitation attempts. Sign up for SOC Prime’s vendor-agnostic platform for real-time defense to get access to the world’s largest detection intelligence dataset, adopt a full pipeline from detection to simulation to accelerate security workflows, and take advantage of AI and top cybersecurity expertise to take your SOC to the next level. Press Explore Detections to drill down to the full collection of SOC content addressing current and existing vulnerabilities, filtered by the relevant “CVE” tag.
Detection content from this collection can be instantly converted into multiple SIEM, EDR, and Data Lake formats and is aligned with the latest MITRE ATT&CK® v18.1. Explore AI-native detection intelligence and comprehensive threat context to reduce analyst fatigue and boost operational effectiveness.
For security teams looking for ways to accelerate detection engineering workflows, SOC Prime curates Uncoder AI. Seamlessly convert IOCs into custom performance-optimized queries ready to run in your SIEM or EDR environment, craft detection logic directly from threat reports in an automated fashion, visualize Attack Flows, validate and fine-tune detection logic for accuracy and precision, and translate rules across diverse language formats in a matter of seconds.
CVE-2025-55183 and CVE-2025-55184 Analysis
Following the weaponization of React2Shell, researchers uncovered additional vulnerabilities while analyzing the effectiveness of the initial patches. According to the React team, these newly identified issues do not enable RCE, and the existing fixes successfully block that attack vector. However, they introduce new risks: two denial-of-service flaws (CVE-2025-55184 and CVE-2025-67779, each with a CVSS score of 7.5) and a source code disclosure issue tracked as CVE-2025-55183, with a CVSS score of 5.3.
CVE-2025-55184 stems from unsafe deserialization in Server Function request handling, which can trigger an infinite loop and effectively hang the server, while CVE-2025-55183 allows specially crafted requests to leak Server Function source code under specific conditions.
All issues affect the same RSC packages and versions as CVE-2025-55182, with fixes available in versions 19.0.3, 19.1.4, and 19.2.3. The React team notes that follow-on disclosures are a common outcome after major vulnerabilities, reflecting deeper scrutiny of adjacent code paths rather than failed remediation. As the primary CVE-2025-55183 and CVE-2025-55184 mitigation measure, the vendor strongly advises users to update promptly, given ongoing exploitation activity.
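Since the only mitigation the advisory offers is upgrading to 19.0.3, 19.1.4, or 19.2.3, the first practical step for a defender is to find every RSC package pinned below those releases across a code base. The following Node script is an added example, not code from SOC Prime or the React project: it walks an npm package-lock.json (the "packages" map used by lockfile versions 2 and 3) and reports each RSC package as patched or unpatched relative to the fixed release on its own major.minor line. The package names in RSC_PACKAGES are an assumption: the post says only "the same RSC packages as CVE-2025-55182" and does not list them, and the sample lockfile is constructed for the demonstration.

```javascript
// Added example (not SOC Prime's or the React project's code).
// Audits an npm package-lock.json for React RSC packages that are still
// below the fixed releases named in the post (19.0.3, 19.1.4, 19.2.3).

// ASSUMPTION: these are the RSC packages covered by the CVE-2025-55182
// advisory; the post only says "the same RSC packages" and does not list them.
const RSC_PACKAGES = [
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
];

// Fixed releases stated in the post. A version on the same major.minor line
// with a lower patch number is reported as unpatched; versions on any other
// line are reported as "unknown" rather than guessed.
const FIXED_VERSIONS = ["19.0.3", "19.1.4", "19.2.3"];

// Parse the numeric core of a version string; prerelease tags such as
// "-canary-..." are ignored and the version is judged by its numeric part.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Returns "patched", "unpatched", or "unknown".
function patchStatus(version, fixed = FIXED_VERSIONS) {
  const inst = parseVersion(version);
  if (!inst) return "unknown";
  for (const f of fixed) {
    const [maj, min, pat] = parseVersion(f);
    if (inst[0] === maj && inst[1] === min) {
      return inst[2] >= pat ? "patched" : "unpatched";
    }
  }
  return "unknown";
}

// Walk the lockfile's "packages" map. Keys look like
// "node_modules/<name>" or, for nested copies,
// "node_modules/<parent>/node_modules/<name>", so the last segment after
// "node_modules/" is the package name (scoped names keep their "@scope/").
function auditLockfile(lock, packages = RSC_PACKAGES, fixed = FIXED_VERSIONS) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!packages.includes(name) || !meta || !meta.version) continue;
    findings.push({
      path,
      name,
      version: meta.version,
      status: patchStatus(meta.version, fixed),
    });
  }
  return findings;
}

// Constructed sample lockfile: one unpatched hoisted copy and one patched
// nested copy. Real input would be read with fs.readFileSync + JSON.parse.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/react": { version: "19.2.1" },
    "node_modules/react-server-dom-webpack": { version: "19.2.1" },
    "node_modules/some-tool/node_modules/react-server-dom-turbopack": {
      version: "19.1.4",
    },
  },
};

// Exit non-zero when anything unpatched is found, so the script can gate CI.
function report(lock) {
  const findings = auditLockfile(lock);
  for (const f of findings) {
    console.log(`${f.status.padEnd(9)} ${f.name}@${f.version}  (${f.path})`);
  }
  return findings.some((f) => f.status === "unpatched") ? 1 : 0;
}

if (typeof require !== "undefined" && require.main === module) {
  process.exitCode = report(SAMPLE_LOCK);
}
```

Point `report` at a parsed real lockfile (or at `npm ls --json` output reshaped the same way) to run it against a project; nested copies under other packages' `node_modules` are the ones most often missed by a quick `package.json` glance, which is why the walker matches on the path suffix rather than only top-level entries.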
The escalating exploitation of React2Shell, followed closely by newly uncovered RSC vulnerabilities, underscores the need for defenders to remain highly vigilant and continuously strengthen their security posture to reduce exposure to similar threats. By leveraging SOC Prime’s AI-Native Detection Intelligence Platform, organizations can enhance real-time defense at scale while increasing their engineering team productivity, accelerating workflows by adopting the full lifecycle from detection to simulation, and operationalizing threat intel faster across tools, teams, and environments.