Home / Security updates / Critical RCE Vulnerability in React and Next.js - React2Shell
Critical RCE Vulnerability in React and Next.js - React2Shell
Security updates detail rendered from /security-updates/upd_e6bb66c1a850bb89.
Overview
| ID | upd_e6bb66c1a850bb89 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | OutSystems |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_e6bb66c1a850bb89 |
| providerId | safebase |
| organizationId | org_0decd878c3bf1d15 |
| trustCenterId | tc_c5550fe1a987d713 |
| title | Critical RCE Vulnerability in React and Next.js - React2Shell |
| message | *Summary* OutSystems Security Team has completed the investigation of the Critical RCE Vulnerability in React and Next.js threat, CVE-2025-55182 and CVE-2025-66478. This vulnerability is related to Remote Code Execution (RCE) in React Server Components. OutSystems' Teams have validated their React code and assured that no react-server-xxx are used. The continuous monitoring of the OutSystems environment also confirmed that there is no vulnerability for the CVE-2025-55182. At time of writing, CVE-2025-66478 (https://nvd.nist.gov/vuln/detail/CVE-2025-66478) is now marked as duplicate of CVE-55182. *Scope of Validation* Our assessment involved all react components used in both O11 and ODC platforms. *Current Status* No evidence of active exploitation detected No confirmed vulnerable components identified within monitored scope Continuous monitoring remains in effect as detection logic and intelligence evolve *Ongoing Monitoring* OutSystems Security continues and actively monitors our e |
| url | - |
| publishedAt | 2025-12-08 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_0decd878c3bf1d15",
"name": "OutSystems",
"domains": [
"security.outsystems.com",
"outsystems.com"
]
} |
| trust_center | {
"id": "tc_c5550fe1a987d713",
"name": "OutSystems",
"url": "https://security.outsystems.com",
"host": "security.outsystems.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_e6bb66c1a850bb89",
"company": "/v1/companies/org_0decd878c3bf1d15",
"trust_center": "/v1/trust-centers/tc_c5550fe1a987d713",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_e6bb66c1a850bb89JSON