Feb 17 · 3 min read · ReactOOPS is a web-focused challenge that demonstrates how modern JavaScript frameworks can introduce critical backend vulnerabilities when misconfigured. In this walkthrough, we enumerate a Next.js application, identify a vulnerable React Server Com...
Jan 15 · 12 min read · It’s every engineer’s nightmare: you wake up to an alert, log into your server, and find a process you didn’t start running at 100% CPU. That happened to me last early December. One of the projects that I was involved in, a Next.js marketing (landing...
Jan 15 · 2 min read · IMPORTANT This vulnerability is an immediate "Must-Patch". It is an RCE (Remote Code Execution) vulnerability and affects the core of React 19 and, by extension, NextJs and any other framework that uses React Server Components (RSC). D...
Dec 26, 2025 · 9 min read · If you prefer to read this blog in a static website, I've got the same content over at redtrib3.bearblog.dev. There has been a lot of fuzz lately about this new vulnerability in React and NextJS. All of this seems to be quite confusing at first but...
Dec 15, 2025 · 3 min read · Zero-day vulnerabilities with a CVSS score of 10 are not theoretical risks, they are production outages waiting to happen. The recent React2Shell vulnerability demonstrated this brutally: a simple payload led to remote code execution (RCE) across tho...
Dec 14, 2025 · 8 min read · The introduction of React Server Components (RSC) marked a paradigm shift in how we build React applications, allowing developers to leverage server-side capabilities directly within their component tree. But how do these server-rendered components c...
Dec 10, 2025 · 8 min read · Web development is always evolving, and sometimes those changes happen a bit under the hood. One such change involved the shift to React Server Components (RSC). If you’re a NextJS or React developer, especially using the App Router, understanding th...
Dec 6, 2025 · 11 min read · Introduction In this task, we will explore CVE-2025-55182, one of the most critical vulnerabilities discovered in December 2025, with a maximum CVSS score of 10.0. This vulnerability affects React Server Components (RSC) and the frameworks that imple...
Dec 1, 2025 · 4 min read · As security researchers, we often analyze vulnerabilities in isolation. A Remote Code Execution (RCE) in a web app is one thing; SharePoint compromise in an enterprise cloud is another. But what happens when these two converge? To understand the true...