Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

react

Cloudflare says emergency React2Shell patch caused brief network outage

Cloud, Cybercrime, News, Risk, Vulnerabilities

December 5, 2025

Cloudflare said an emergency change to its Web Application Firewall to mitigate the critical React2Shell vulnerability briefly made its network unavailable, causing widespread 500 errors. The React flaw can allow unauthenticated remote code execution and researchers report active exploitation and circulating proof-of-concept exploits.
Critical React Server Components flaw (React2shell) allows unauthenticated remote code execution; Next.js also affected

Cloud, News, Risk, Vendors, Vulnerabilities

December 4, 2025

A critical deserialization flaw in React Server Components, tracked as CVE-2025-55182 and nicknamed React2shell, can allow unauthenticated remote code execution; related Next.js App Router releases are covered by CVE-2025-66478. Patches are available and vendors and security firms advise applying fixes and using WAFs or access restrictions.

About
Editorial Policy
Privacy
Contact