Important update: critical security vulnerability called ‘React2Shell’

CVE-2025-55182

Update 08/Dec/25: the NetScaler WAF signatures have now been updated to address this CVE: https://community.citrix.com/techzone-blogs/netscaler/netscaler-waf-signatures-update-v166-react2shell-r1216/

A critical security vulnerability called ‘React2Shell’ (CVE-2025-55182) exists in React Server Components. It allows unauthenticated remote code execution in React and Next.js applications that use React Server Components.

This CVE has a CVSS score of 10.0.

From the React blog: Critical Security Vulnerability in React Server Components – React

At the time of writing, the WAF signatures for NetScaler Application Firewall had not yet been updated with a mitigation for this CVE (see the update above).

As an alternative mitigation we have released a Responder policy that blocks this attack. If desired, the Responder policy can also be run in log-only mode, so that matching requests are logged but not blocked.

View the configuration snippet on GitHub:

BlogPosts/Use NetScaler to mitigate React.js CVE-2025-55182/config.md at main · Blubyte-eu/BlogPosts
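As an added illustration of the two deployment modes mentioned above (this is not the Blubyte policy from the repository linked above), the following NetScaler CLI fragment shows a log-only Responder policy (built-in NOOP action plus an audit message action) and the same policy switched to blocking (a 403 respondwith action). The object names, the vserver name vs_nextjs and the match expression are assumptions made for this example; the expression only picks out Next.js Server Action POSTs by their Next-Action request header and is deliberately coarse, it is not the detection rule from the linked config.

```text
# Added example, not the Blubyte configuration. Names and the match rule are assumptions.

# 1. Audit message action: every match is written to ns.log, in either mode.
add audit messageaction react2shell_log WARNING "\"React2Shell candidate: \" + CLIENT.IP.SRC + \" \" + HTTP.REQ.METHOD + \" \" + HTTP.REQ.URL" -logtoNewnslog YES

# 2a. Log-only mode: the built-in NOOP action lets the request through,
#     but -logAction still fires, so false positives can be measured first.
add responder policy react2shell_pol "HTTP.REQ.METHOD.EQ(\"POST\") && HTTP.REQ.HEADER(\"Next-Action\").EXISTS" NOOP -logAction react2shell_log

# 2b. Blocking mode: once the log shows only unwanted traffic, swap the action for a 403.
add responder action react2shell_block respondwith "\"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n\""
set responder policy react2shell_pol -action react2shell_block

# 3. Bind the policy at request time on the vserver fronting the Next.js application.
bind lb vserver vs_nextjs -policyName react2shell_pol -priority 100 -gotoPriorityExpression END -type REQUEST
```

Run step 2a first and watch ns.log for legitimate Server Action traffic; only move to 2b once the rule matches nothing you want to keep. A policy bound with NOOP has no effect on traffic, so it is safe to leave in place while tuning the expression.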
