Home / Security updates / React2Shell remote code execution flaw, CVE-2025-55182 and CVE-2025-66478

React2Shell remote code execution flaw, CVE-2025-55182 and CVE-2025-66478

Security updates detail rendered from /security-updates/upd_3c0e8c945199ba9d.

Overview

Field	Value
id	upd_3c0e8c945199ba9d
providerId	safebase
organizationId	org_d6453fb8c77f0b6a
trustCenterId	tc_c6ca607ff40394b4
title	React2Shell remote code execution flaw, CVE-2025-55182 and CVE-2025-66478
message	Broadridge Threat Response December 10th, 2025 On December 3rd, Broadridge was informed of a critical vulnerability, React2Shell remote code execution flaw, CVE-2025-55182 and CVE-2025-66478. More details over the React2Shell vulnerability can be viewed at: NVD - CVE-2025-55182 and NVD - CVE-2025-66478 Broadridge has examined our perimeter systems, applied patches/mitigation as needed, and current scans have found no trace of the React2Shell vulnerability. Broadridge is continuously monitoring our environments to ensure our clients, customers, stakeholders, and associates remain unaffected.
url	-
publishedAt	2025-12-10
source	{ "field": "statuspage/public/compliance-update", "category": "vulnerabilities" }
company	{ "id": "org_d6453fb8c77f0b6a", "name": "Broadridge", "domains": [ "trust.broadridge.com", "broadridge.com" ] }
trust_center	{ "id": "tc_c6ca607ff40394b4", "name": "Broadridge", "url": "https://trust.broadridge.com", "host": "trust.broadridge.com" }
provider	{ "id": "safebase", "name": "SafeBase" }
links	{ "self": "/v1/security-updates/upd_3c0e8c945199ba9d", "company": "/v1/companies/org_d6453fb8c77f0b6a", "trust_center": "/v1/trust-centers/tc_c6ca607ff40394b4", "provider": "/v1/providers/safebase" }

Get this page with API

Rendered from the bluedoor Trust Centers API. Reproduce it:

GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_3c0e8c945199ba9dJSON