CVE-2025-55182: Understanding React’s Critical Prototype Pollution Vulnerability

Two new vulnerabilities in React and Next.js,  have exposed a critical weakness in the React Server Components’ (RSC) “Flight” protocol. These vulnerabilities, known as CVE-2025-55182 and its corresponding vulnerability in Next is  CVE-2025-66478 that impacts Next web deployments.  These vulnerabilities have the CVSS score of 10 and it enables hackers to run a script on a server through a single unauthenticated HTTP request. 

These are critical vulnerabilities that affect core RSC packages as well as major frameworks that rely on them, including Next.js, React Router’s RSC preview, Redwood SDK, Waku, and RSC plugins for Vite and Parcel.  

In this blog, we’ll explore how to deal with these vulnerabilities, how they work, and how you can defend your React and Next deployments. 

Let’s get started! 

Understanding CVE-2025-55182  

CVE-2025-55182 affects the react-server package within React Server Components. Additionally, both vulnerabilities emerge from insecure deserialization of RSC payloads. When the server receives a specially crafted payload, the RSC handler fails to properly validate it that allows  attacker-controlled data to control server-side execution. 

As a result, the JavaScript on the server is executed without authentication or prior access. What is even more dangerous is that they affect applications even if they do not define Server Functions, because the RSC integration layer itself invokes the vulnerable logic.

CVE-2025-55182: Myth vs Reality

Prototype Pollution in CVE-2025-55182: A Detailed Technical Breakdown

Here is the in-depth technical breakdown of prototype pollution in CVE-2025-55182: 

1. Prototype Pollution Mechanism

In JavaScript, all objects inherit from Object.prototype. If an attacker changes this prototype, every object automatically inherits the injected values. This is the basis of prototype pollution.

Modifying Object.prototype affects all objects, giving attackers broad influence over client-side behavior.

2. The Vulnerable Code

This function returns properties without checking ownership, allowing polluted prototype properties to be accessed.

How CVE-2025-55182 Works

Here is how attackers use React2Shell: 

The React Flight protocol serializes component trees for server-client communication. The vulnerability appears in how RSC decodes these serialized payloads.

1. Malicious Server (Attacker-Controlled):  an attacker operates a rogue server that crafts and delivers manipulated React Server Component (RSC) responses. These responses contain hidden payloads designed to exploit weaknesses in the client’s deserialization logic and trigger prototype pollution.

2. Sends RSC payload with “proto” keys: the attacker embeds dangerous __proto__ keys inside the RSC JSON stream. These keys are intentionally placed to alter the prototype chain during deserialization, enabling unauthorized property injection into core JavaScript objects.

3. Vulnerable React 19.0.0 Client deserializes: a React 19.0.0 client receives the malicious payload and begins processing it. Due to the vulnerable deserialization mechanism, the client treats the attacker-supplied structure as legitimate and processes it without adequate validation safeguards.

4. reviveModel() assigns without hasOwnProperty check:  React’s reviveModel() function assigns payload values directly to objects without verifying ownership using hasOwnProperty. This missing check allows inherited prototype properties to be overwritten, creating the ideal conditions for prototype pollution.

5. Object.prototype polluted on CLIENT: injected keys modify Object.prototype, causing every object in the client environment to inherit the attacker’s malicious properties. This broad, environment-wide contamination enables deep and unpredictable security consequences across the application.

6. Client-side application code uses polluted properties: the application unknowingly interacts with manipulated object properties. Normal logic begins reading or executing attacker-injected values, causing downstream corruption of data flows, misrouting of logic, or unsafe behavior within the browser environment.

7. Security bypasses, data leaks, XSS, DoS: this pollution can enable severe attacks, including bypassing client-side checks, leaking sensitive data, triggering stored or reflected XSS, or crashing parts of the application. Attackers gain powerful control over client behavior and stability.

The worrying fact is all of these  above steps can be carried out using a  single crafted HTTP request without authentication, no valid session, and no special environment configuration. 

This is not server-side RCE. The vulnerability affects the client’s browser, not the server.

How to Know If You’re Affected From CVE-2025-55182 

Here is a list of impacted products and versions from these CVE vulnerabilities: 

Affected Versions

Here are vulnerable React versions: 

• 19.0.0
• 19.1.0
• 19.1.1
• 19.2.0

Vulnerable Next version: 

• 15.0.0 through 15.2.5
• 16.0.0-canary.0 through 16.0.0-canary.13

Patched

Here are the patched React versions: 

• 19.0.1 and later
• 19.1.2 and later
•  19.2.1 and later

Here are the patched Next.js versions

• 15.2.6 and later
• 16.0.0-canary.14 and later

Note: React 18.x and earlier versions are not vulnerable (Server Components not available)

Real-World Attack Scenarios

Here are the real world attack scenarios: 

Example #1:  Authentication Bypass

Attacker makes the victim’s browser think they’re an admin when they’re not: 

Vulnerable code pattern:

After prototype pollution:

The potential impact: 

• Normal user gains admin privileges in browser session
•  Can access admin panels
• Can perform privileged operations
•  Can modify/delete data they shouldn’t access

Example #2: Input Validation Bypass

Attacker disables security features like CSRF protection, input validation, or rate limiting.

Here is the vulnerable code pattern:

After prototype pollution:

Here is the the potential impact:

• XSS attacks succeed
• SQL injection possible
• CSRF tokens ignored
• Rate limiting disabled

Example #3 Data Exfiltration

Attackers access sensitive data that should be hidden.

Here is the vulnerable code pattern:

After prototype pollution:

Here is the potential impact:

•  PII leaked
• Session tokens exposed
• API keys revealed
•  Financial data stolen

Example# 4: Denial of Service

Attacker crashes the victim’s application or browser.

Here is the vulnerable code pattern:

After prototype pollution:

Here is the potential impact:

• Application crashes
• Browser tab freezes
•  Infinite loops possible
• Memory exhaustion

Example #5: DOM Manipulation / XSS

Attacker injects malicious HTML/JavaScript into victim’s page.

Here is the vulnerable code pattern:

After prototype pollution:

Here is the potential impact:

• Steal session cookies
• Redirect to phishing sites
• Inject keyloggers
• Steal credentials

React2Shell (CVE-2025-55182) Attack Capabilities

A. What Attackers Can Do

1. Bypass authentication in victim’s browser

2. Disable input validation (enable XSS)

3. Steal data from victim’s browser (cookies, localStorage, session data)

4. Crash the application in victim’s browser tab

5. Execute JavaScript in victim’s browser context

6. Bypass CSRF protection if checks rely on object properties

7. Escalate privileges within the client-side application

8. Manipulate DOM and inject malicious content

B. What Attackers Cannot Do

1. Execute commands on the server (no shell access)

2. Access server files

3. Modify server database directly

4. Install backdoors on the server

5. Persist after page reload

6. Compromise the server itself

7. Affect other users (only individual vic

How to Patch (CVE-2025-55182) 

React 19.0.1, 19.1.2, and 19.2.1 include two critical fixes:

Fix 1: hasOwnProperty Check in Module Loading

The patch adds an explicit hasOwnProperty check to verify the property exists on the object itself, not inherited from the prototype chain.

Fix 2: Special Handling for __proto__

Explicit handling for the __proto__ key ensures it’s deleted/neutralized instead of polluting the prototype chain.

React2 Shell ( CVE-2025): Remediation Methodology 

Here are some immediate actions you can take: 

A. Upgrade React to patched versions

B.  Upgrade Next.js to patched versions

3. Verify your versions

npm list react react-dom next

Best Practices To Prevent CVE-2025-55182 

Below, we have presented a list of the best practices to prevent exploitation from React2Shell vulnerability: 

1. Defense- in -Depth

• Always validate user input on the server
• Use server-side session management
• Implement proper RBAC (Role-Based Access Control) on the backend

2. Security Headers

Strengthen client-side security by enforcing restrictive browser policies. Content-Security-Policy: default-src ‘self’; script-src ‘self’

3. Harden the Prototype

Freezing the global prototype helps prevent accidental or malicious modification:

Object.freeze(Object.prototype);

4. Code Review

Look for insecure patterns that rely on prototype-inherited properties:

if (obj.someProperty) { /* dangerous if relies on prototype */ }

5. Use hasOwnProperty in Security Checks

Always validate properties explicitly owned by the object:

if (Object.prototype.hasOwnProperty.call(obj, ‘isAdmin’)) {

 // Safe check

}

How to Patch the CVE-2025-55182 in Google Cloud 

WAF rules help reduce immediate risk, but the only reliable long-term fix is to patch the frameworks themselves. If you’re running React or Next.js on Google Cloud,  upgrade to the latest stable versions as soon as possible. Here is how you can do this upgrade: 

• Cloud Run, Cloud Run functions, and App Engine: update your application dependencies with the patched framework versions and redeploy.
• Google Kubernetes Engine (GKE): rebuild your container images with the updated framework versions and redeploy your pods.
• Compute Engine: Google’s public OS images do not ship with React or Next.js by default. If you’re using a custom image that includes these packages, update your workloads and ensure WAF protections are enabled in front of all services.
• Firebase: if you use Cloud Functions for Firebase, Firebase Hosting, or Firebase App Hosting, update your dependencies and redeploy. Firebase Hosting and App Hosting are also enforcing an additional rule to help block exploitation of CVE-2025-55182 across both custom and default domains.

Patching your applications removes the vulnerability at the source and is essential for maintaining the security and integrity of your workloads.

How to Patch the CVE-2025-55182 in Microsoft Azure  

Here is a short, clear remediation as provided by the Microsoft Azure blog: Protect against React RSC CVE-2025-55182 with Azure Web Application Firewall (WAF),  which keeps all original code blocks intact while making the narrative more natural and concise:

1. Add a Custom WAF Rule to Mitigate CVE-2025-55182

If you need a CVE-specific safeguard while patching your applications, you can add custom WAF rules designed to detect patterns associated with CVE-2025-55182. These rules are configured to block traffic, so test them in a staging environment before enabling them in production.

2. Implement Custom Rules for WAF on Application Gateway

3. Custom Rules for WAF on Azure Front Door

In short, the above WAF rule blocks potentially malicious requests linked to CVE-2025-55182 by detecting React/Next.js action headers, risky content types, and prototype-pollution keywords in the request body. 

How to Patch CVE-2025-55182 Vulnerability in AWS Cloud 

As an extra layer of protection, you can create a custom AWS WAF (Web Application Firewall) rule to help mitigate this issue. The sample rule below is configured to BLOCK by default. Make sure to test it in your environment first to confirm that it works as expected and doesn’t interfere with normal traffic. 

The above rule blocks POST requests from  React Server Component / Next.js App Router action payloads with specific internal markers against a suspected or known React/Next.js RCE-style attack.

Our Testing Methodology

To validate the impact of CVE-2025-55182, our team followed a multi-phase testing approach. Each phase helped us understand  how the vulnerability behaves in real-world scenarios and why early assumptions were incorrect. 

Phase 1: Initial Testing

We created an isolated AWS EC2 environment and tested by sending malicious payloads to a vulnerable React server. This revealed server-side behavior but didn’t demonstrate the actual client-side vulnerability.

 Learning: We tested the wrong attack direction.

Phase 2: Patch Analysis

We reviewed the actual React patch (PR #35277) and discovered:

• The vulnerability is client-side
• Affects RSC deserialization on the client
• Not related to Server Actions processing

Phase 3: Prototype Pollution Proof

We created standalone JavaScript tests demonstrating prototype pollution:

Phase 4: Interactive Demonstrations

We built interactive HTML demos showing:

• Authentication bypass
• Validation bypass’
• Data exfiltration
• Application crash (DoS)

Complete Attack Example

Setup:

• Attacker controls evil.com running Next.js
• Victim uses React 19.0.0 in their browser
•  Target is victim’s banking app at bank.com

Attack Flow

Step 1: Victim visits evil.com (via phishing email)

Step 2: Attacker’s server sends malicious RSC payload:

Step 3: Victim’s React 19.0.0 client deserializes payload. 

Step 4: Object.prototype is now polluted in the victim’s browser. 

Step 5: Victim navigates to bank.com in the same browser session.  

Step 6: Banking app checks: if (user.isAdmin) { showAdminPanel(); }

Step 7: Check passes (user.isAdmin inherits true from prototype). 

Step 8: Victim sees admin panel and can:

• Transfer money from any account
•  View all customer accounts
•  Modify permissions
• Export sensitive data

The server (bank.com) is not compromised. The victim’s browser has been tricked into bypassing all client-side security checks.

Our Research Process

Through our research, we:

•  Initially tested the wrong attack vector (server-side)
•   Discovered the truth through patch analysis
•   Created comprehensive demonstrations
•  Built interactive proof-of-concepts
• Documented findings

This reinforces the importance of:

• Reading actual patches, not just security advisories
• Understanding attack vectors before testing
•  Honest disclosure of research methodology
• Scientific rigor over sensationalism

Key Takeaways

CVE-2025-55182 represents one of the most impactful vulnerabilities disclosed in the React and Next.js ecosystem to date. Because the flaw affects default configurations and can be exploited with a single HTTP request, organizations must patch immediately, verify remediation, and strengthen dependency governance.

If you suspect you may already be targeted, reach out to your incident response provider or the Wiz IR team for investigation support.

Here are some key takeaways: 

1. Client-Side, Not Server-Side: This vulnerability impacts the victim’s browser only — the server remains uncompromised.
   
2. Complete Security Bypass: Allows full authentication bypass, data theft, XSS, and even denial-of-service inside the user’s browser.
   
3. CVSS 10.0 Is Justified: The ability to fully compromise client-side security warrants a critical severity rating.
   
4. Immediate Patching Required:
   All React 19.x users should upgrade to the patched versions without delay.
   
5. Defense in Depth:  Client-side checks are never sufficient on their own; always enforce security on the server.

References resources 

A. Official Sources

https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r)

Patch FlightReplyServer with fixes from ReactFlightClient by sebmarkbage · Pull Request #35277 · facebook/react · GitHub

NVD – CVE-2025-55182

Critical Security Vulnerability in React Server Components – React

B. Educational Resources 

https://portswigger.net/web-security/prototype-pollution

Appendix: Test Code

A. Standalone Prototype Pollution Test

B. Run the Test

node test.js

C. Expected Output (Vulnerable Build)

FAQs on CVE-2025-55182