Security Update: CVE-2025-55182 — Remote Code Execution in React Server Components
Update: The vulnerability is being actively exploited in the wild. To protect customers who aren’t using blocking mode across all apps and APIs, we rolled out a virtual patch that blocks exploitation of CVE-2025-55182 regardless of whether customers use blocking or monitoring mode. Reach out to support if you want to opt out.
A critical flaw (CVE-2025-55182) in React Server Components was publicly disclosed together with a working PoC. We are already seeing active exploitation attempts, including early scans and payload variants.
Wallarm Protection
Wallarm provides protection against attacks leveraging this CVE out of the box. We started detecting and blocking early exploitation attempts immediately after disclosure. Additionally, Wallarm has deployed new detection rules specifically targeting malicious RSC requests and PoC-derived payload patterns.
Summary & Technical Details
The vulnerability allows attackers to send malformed RSC metadata and tampered component streams, which can lead to:
- Unauthorized access to server-side data
- Manipulation of serialized RSC payloads
- Potential remote code execution depending on application logic
Impact
Successful exploitation may result in data exposure, privilege escalation, or server-side execution in vulnerable setups.
Recommendation
Update React to the latest patched release as soon as it becomes available.
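One way to act on this recommendation is to inventory every copy of the RSC runtime pinned in an npm lockfile and compare it with the fixed version for its release line. The sketch below is an added example, not Wallarm's or the React project's code. The three package names are the npm packages that implement React Server Components; the versions and patched floors in the sample are constructed placeholders, because this page does not list fixed versions, so take the real floors from the React advisory.

```javascript
// Added example (not from the advisory): audit an npm lockfile for RSC packages.
const RSC_PACKAGES = new Set([
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
]);

// Parse "major.minor.patch"; flag prerelease tags; null if the string is malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.*)?/.exec(String(v));
  return m ? { major: +m[1], minor: +m[2], patch: +m[3], pre: Boolean(m[4]) } : null;
}

// Walk the lockfile v2/v3 "packages" map, whose keys look like
// "node_modules/a/node_modules/b", and classify every RSC package copy.
// patchedByLine maps a release line "major.minor" to its first fixed version.
function auditLockfile(lock, patchedByLine) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!RSC_PACKAGES.has(name)) continue;
    const have = parseVersion(meta.version);
    const floor = have ? parseVersion(patchedByLine[`${have.major}.${have.minor}`]) : null;
    let status = "review"; // unparsable, prerelease, or no floor known for this line
    if (have && floor && !have.pre) {
      status = have.patch >= floor.patch ? "patched" : "below-floor";
    }
    findings.push({ path, name, version: meta.version, status });
  }
  return findings;
}

// Constructed sample: these versions and floors are made up, not real React releases.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/react-server-dom-webpack": { version: "1.0.0" },
    "node_modules/fw/node_modules/react-server-dom-turbopack": { version: "1.1.4" },
    "node_modules/react-server-dom-parcel": { version: "2.0.0-canary.1" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};
const SAMPLE_FLOORS = { "1.0": "1.0.1", "1.1": "1.1.2" }; // placeholder floors

console.log(auditLockfile(SAMPLE_LOCK, SAMPLE_FLOORS));
```

A framework that ships its own bundled copy of the RSC runtime does not appear as a separate lockfile entry, so check that framework's release notes as well.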