HackTheBox ReactOOPS (Web challenge) — Full Walkthrough
Feb 17 · 3 min read · ReactOOPS is a web-focused challenge that demonstrates how modern JavaScript frameworks can introduce critical backend vulnerabilities when misconfigured. In this walkthrough, we enumerate a Next.js application, identify a vulnerable React Server Com...
Join discussionReact2Shell (CVE-2025-55182): A Real-World Lesson on Why Incident Response Speed Matters
Dec 15, 2025 · 3 min read · Zero-day vulnerabilities with a CVSS score of 10 are not theoretical risks, they are production outages waiting to happen. The recent React2Shell vulnerability demonstrated this brutally: a simple payload led to remote code execution (RCE) across tho...
Join discussion
CVE-2025-55182: Remote Code Execution in React Server Components (10.0 CRITICAL)
Dec 10, 2025 · 4 min read · React Server Components introduced a powerful paradigm for building web applications—server-side logic that seamlessly integrates with client-side React. Unfortunately, a critical vulnerability in how React serializes and deserializes data between cl...
Join discussionUnveiling CVE-2025-55182 - React to this!
Dec 8, 2025 · 3 min read · Recently, a new unauthenticated remote code execution exploit was released under CVE-2025-55182. This exploit affects Next.js and React.js applications and it is spreading like wildfire. Fortunately, I am going to dive into what the exploit is and ho...
Join discussion
React2Shell: CVE-2025-55182 (TryHackMe)🧑🎄🎉
Dec 6, 2025 · 11 min read · Introduction In this task, we will explore CVE-2025-55182, one of the most critical vulnerabilities discovered in December 2025, with a maximum CVSS score of 10.0. This vulnerability affects React Server Components (RSC) and the frameworks that imple...
Join discussion
React2shell Leads to Full Microsoft 365 SharePoint compromise: How One Server Exploit Exposed an Entire Tenant
Dec 1, 2025 · 4 min read · As security researchers, we often analyze vulnerabilities in isolation. A Remote Code Execution (RCE) in a web app is one thing; sharepoint compromise in an enterprise cloud is another. But what happens when these two converge? To understand the true...
Join discussion
