Home / Security updates / CVE-2025-55182 (React2Shell) Remote Code Execution Vulnerability
CVE-2025-55182 (React2Shell) Remote Code Execution Vulnerability
Security updates detail rendered from /security-updates/upd_3c4c9d12eee0c5e6.
Overview
| ID | upd_3c4c9d12eee0c5e6 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Kurtosys Systems |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_3c4c9d12eee0c5e6 |
| providerId | safebase |
| organizationId | org_1f8785214562fef5 |
| trustCenterId | tc_f0793fe2755be3ab |
| title | CVE-2025-55182 (React2Shell) Remote Code Execution Vulnerability |
| message | This communication serves to confirm the status of our systems in relation to the recently disclosed vulnerability, CVE-2025-55182, often referred to as "React2Shell" (Remote Code Execution in React Server Components). We started an immediate assessment of our application dependency manifest using our standard Software Bill of Materials (SBOM) scanning procedure. The primary goal was to check for the presence of the affected React versions and configurations outlined in the public advisory. Our findings thus far confirm that our application is not impacted by this vulnerability. The versions of React and related libraries currently deployed in your application environment do not fall within the scope of the affected versions detailed in the advisory. Cloudflare, our security partner and WAF provider, further confirmed that the WAF adds additional mitigation for this CVE: [Cloudflare WAF proactively protects against React vulnerability](https://blog.cloudflare.com/waf-rules-react-vul |
| url | - |
| publishedAt | 2025-12-05 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_1f8785214562fef5",
"name": "Kurtosys Systems",
"domains": [
"trust.kurtosys.com",
"kurtosys.com"
]
} |
| trust_center | {
"id": "tc_f0793fe2755be3ab",
"name": "Kurtosys Systems",
"url": "https://trust.kurtosys.com",
"host": "trust.kurtosys.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_3c4c9d12eee0c5e6",
"company": "/v1/companies/org_1f8785214562fef5",
"trust_center": "/v1/trust-centers/tc_f0793fe2755be3ab",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_3c4c9d12eee0c5e6JSON