On November 29th, Lachlan Davidson reported an unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC). The vulnerability was publicly disclosed on December 3 and is tracked as CVE-2025-55182 with the highest severity (10.0). Amazon threat intelligence teams report active exploitation attempts by multiple China state-nexus threat groups. The critical vulnerability affects React versions 19.0.0 through 19.2.0 and Next.js versions 15.x and 16.x when using App Router. Companies are strongly recommended to patch immediately.
In its original PoC, Davidson showcased how the serialization/deserialization protocol used by React Server Components could be exploited to create a promise-like object that, when awaited, would allow an attacker to execute arbitrary code by calling native functions such as child_process.execSync. While the fix seems simple enough (add hasOwnProperty checks to avoid JavaScript’s object prototype pollution), the exploit itself is also straightforward, with public exploit code available (some of which are AI-generated) from many sources.
Besides AWS, miscellaneous security companies and consultancies have identified active exploitation attempts that contain weaponized payloads. Amazon reported:
Analysis of data from MadPot reveals the persistent nature of these exploitation attempts. In one notable example, an unattributed threat cluster associated with IP address 183[.]6.80.214 spent nearly an hour (from 2:30:17 AM to 3:22:48 AM UTC on December 4, 2025) systematically troubleshooting exploitation attempts:
- 116 total requests across 52 minutes
- Attempted multiple exploit payloads
- Tried executing Linux commands (
whoami,id)
- Attempted file writes to
/tmp/pwned.txt
- Tried to read
/etc/passwd
The vulnerability is a case of server-side JavaScript prototype pollution. In order to pollute objects, an attacker needs a way to add arbitrary properties to prototype objects. In a second step, the attacker needs a vector of exploitation that accesses the polluted properties.
In this specific case, the arbitrary properties are added by crafting payloads that are deserialized into corrupted JavaScript objects by the Flight protocol used by React Server Components to communicate with the server. A client that needs data rendered by a React Server Component sends a request to a server endpoint. The server parses the incoming payload, executes the relevant server-side logic, and returns a serialized representation of the component tree. The second step here is the unsafe deserialization of the payload as promises. Unpatched React versions do not validate the serialized payload and begin resolving it (e.g., await the promise, thus running the injected then code). Server-side JavaScript environments impose little restriction on what this code can do, so the attacker can read files, spawn processes, and run arbitrary commands.
Readers will find in-depth technical details in Moritz Sanft’s walk-through. More importantly, companies should rush to patch the identified packages and the packages that list them as dependencies (e.g., some Vite plugins, react-router, waku).
