{"id":6974,"date":"2025-12-05T10:23:57","date_gmt":"2025-12-05T10:23:57","guid":{"rendered":"https:\/\/locaterisk.com\/?p=6974"},"modified":"2026-02-12T14:46:59","modified_gmt":"2026-02-12T14:46:59","slug":"react2shell-cve-2025-55182","status":"publish","type":"post","link":"https:\/\/locaterisk.com\/de\/react2shell-cve-2025-55182\/","title":{"rendered":"\u201cReact2Shell\u201d: Critical Vulnerability in React &#038; Next.js (CVE-2025-55182 \/ CVE-2025-66478)"},"content":{"rendered":"\n<div class=\"wp-block-lr-blog-article-header-module\">\n<div class=\"content\">\n<div class=\"main-content\">\n<h1 class=\"title\">\u201cReact2Shell\u201d: Critical Vulnerability in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478)<\/h1>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<p>On 3 December 2025, a critical vulnerability was disclosed in <strong>React Server Components<\/strong> and in the <strong>Next.js framework<\/strong> built on them. The vulnerability enables <strong>remote code execution (RCE)<\/strong>, i.e. the execution of arbitrary code on affected servers, and potentially affects thousands of web applications worldwide. Particularly dangerous: the vulnerability can be exploited <strong>unauthenticated<\/strong> and remotely.<\/p>\n\n\n\n<p>Around <b>40% of all cloud environments<\/b> could be <strong>affected<\/strong>.<\/p>\n\n\n\n<p>Today, just two days later, there was a massive <b>global outage at Cloudflare<\/b>. Services such as <b>LinkedIn, Zoom, Anthropic<\/b> and many others were temporarily unavailable. The reason: Cloudflare had disabled internal logging functions in order to respond to the React vulnerability. This led to a domino effect within its infrastructure.<\/p>\n\n\n\n<p>Security researchers and platforms such as <a href=\"https:\/\/www.wiz.io\/blog\/critical-vulnerability-in-react-cve-2025-55182\" target=\"_blank\" rel=\"noopener\">Wiz.io<\/a> have nicknamed the vulnerability <strong>\u201cReact2Shell\u201d<\/strong>. Its CVSS score is 10.0, the maximum possible severity.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What happened?<\/h2>\n\n\n\n<p><b>React Server Components (RSC)<\/b> allow React components to be rendered on the server. They use an internal transport protocol called \u201cFlight\u201d. Security researchers discovered that attackers can use manipulated payloads to trigger unsafe deserialization. <strong>The result: arbitrary code can be executed on the target server.<\/strong><\/p>\n\n\n\n<p>The following React packages in particular are affected:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>react-server-dom-webpack<\/li>\n\n\n\n<li>react-server-dom-vite<\/li>\n\n\n\n<li>react-server-dom-turbopack<\/li>\n<\/ul>\n\n\n\n<p>Versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0 of these packages in particular are affected. The official CVE ID for React is <a href=\"https:\/\/react.dev\/blog\/2025\/12\/03\/critical-security-vulnerability-in-react-server-components\" target=\"_blank\" rel=\"noopener\">CVE\u20112025\u201155182<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How is Next.js affected?<\/h2>\n\n\n\n<p>Because the popular web framework <strong>Next.js<\/strong> relies on React Server Components (RSC) by default from version 13 onwards, many Next.js applications are vulnerable as well. The Next.js issue was tracked separately as <a href=\"https:\/\/nextjs.org\/blog\/CVE-2025-66478\" target=\"_blank\" rel=\"noopener\">CVE\u20112025\u201166478<\/a>.<\/p>\n\n\n\n<p>All versions with the <em>App Router<\/em> enabled are affected in particular, above all those in the 15.x and 16.x major versions. Experimental \u201cCanary\u201d releases are affected as well.<\/p>\n\n\n\n<p>The Next.js maintainers explicitly warn against relying on configuration settings, because there is <strong>no switch to disable<\/strong> the vulnerable behaviour. An update is mandatory.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What consequences can the vulnerability have?<\/h2>\n\n\n\n<p>The vulnerability allows attackers to execute arbitrary code on the server without authentication. This makes scenarios such as the following conceivable:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Complete takeover of the affected servers<\/li>\n\n\n\n<li>Exfiltration of sensitive data<\/li>\n\n\n\n<li>Placement of malware or backdoors<\/li>\n\n\n\n<li>Lateral movement within the network<\/li>\n\n\n\n<li>Reputational and compliance damage<\/li>\n<\/ul>\n\n\n\n<p>This is especially critical for publicly reachable SaaS platforms, web portals, API gateways and customer frontends.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Which products &amp; frameworks are affected?<\/h2>\n\n\n\n<p>Besides React and Next.js, other frameworks and toolchains can also be affected if they use React Server Components. These include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Vite<\/li>\n\n\n\n<li>Parcel<\/li>\n\n\n\n<li>RedwoodJS<\/li>\n\n\n\n<li>React-Router<\/li>\n\n\n\n<li>Remix (depending on setup)<\/li>\n<\/ul>\n\n\n\n<p>Whether your systems are affected depends largely on whether React RSC functionality, or frameworks built on it, are used in production.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What countermeasures are available?<\/h2>\n\n\n\n<p>The React and Next.js teams have already released <strong>security updates<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>React: <strong>19.0.1<\/strong>, <strong>19.1.2<\/strong>, <strong>19.2.1<\/strong><\/li>\n\n\n\n<li>Next.js: <strong>15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 15.6.0-canary.58, 16.0.7<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Recommended actions:<\/strong><\/p>\n\n\n\n<p style=\"padding: 20px 0 5px\"><b>1. Take an inventory of your web applications<\/b><\/p>\n\n\n\n<p style=\"padding: 6px 0\"><b>2. Identify affected React and Next.js versions<\/b><\/p>\n\n\n\n<p style=\"padding: 6px 0\"><b>3. Update to the patched versions<\/b><\/p>\n\n\n\n<p style=\"padding: 6px 0\"><b>4. Check server logs for suspicious activity (e.g. unusual POST payloads)<\/b><\/p>\n\n\n\n<p style=\"padding: 6px 0 20px\"><b>5. Add further protective measures, e.g. web application firewalls (WAF), IDS\/IPS<\/b><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How LocateRisk can support you<\/h2>\n\n\n\n<p>With <strong>External Attack Surface Management<\/strong> from <a href=\"https:\/\/www.locaterisk.com\" target=\"_blank\" rel=\"noopener\">LocateRisk<\/a>, companies automatically detect whether publicly reachable systems are affected by known vulnerabilities such as <strong>CVE\u20112025\u201155182<\/strong>.<\/p>\n\n\n\n<p>The platform scans your external attack surface and informs you about new CVEs, potential attack vectors and misconfigurations. This can drastically reduce the crucial response time to critical vulnerabilities such as React2Shell.<\/p>\n\n\n\n<p>Thanks to integrated prioritisation, risk assessment and automated reports, IT teams and management always keep track of the situation. 
Even in exceptional situations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Sources &amp; further links<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/react.dev\/blog\/2025\/12\/03\/critical-security-vulnerability-in-react-server-components\" target=\"_blank\" rel=\"noopener\">Official React announcement (react.dev)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/nextjs.org\/blog\/CVE-2025-66478\" target=\"_blank\" rel=\"noopener\">Official Next.js announcement (nextjs.org)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.wiz.io\/blog\/critical-vulnerability-in-react-cve-2025-55182\" target=\"_blank\" rel=\"noopener\">Wiz.io blog post<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u201cReact2Shell\u201d: Critical Vulnerability in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) On 3 December 2025, a critical vulnerability was disclosed in React Server Components and in the Next.js framework built on them. The vulnerability enables remote code execution (RCE), i.e. the execution of arbitrary code on affected servers, and potentially affects thousands of web applications worldwide. Particularly dangerous: the [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":7007,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6974","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) | LocateRisk<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/locaterisk.com\/de\/react2shell-cve-2025-55182\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) | LocateRisk\" \/>\n<meta property=\"og:description\" content=\"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) Am 3. Dezember 2025 wurde eine kritische Schwachstelle in den React Server Components und dem darauf aufbauenden Next.js Framework ver\u00f6ffentlicht. 
Die Sicherheitsl\u00fccke erm\u00f6glicht eine Remote Code Execution (RCE), also das Ausf\u00fchren beliebigen Codes auf betroffenen Servern, und betrifft potenziell tausende Webanwendungen weltweit. Besonders gef\u00e4hrlich: Die [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/locaterisk.com\/de\/react2shell-cve-2025-55182\/\" \/>\n<meta property=\"og:site_name\" content=\"LocateRisk\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-05T10:23:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-12T14:46:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1282\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Franz D\u00fcck\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Franz D\u00fcck\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"5\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/\"},\"author\":{\"name\":\"Franz D\u00fcck\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/3efb68368f67fc9d7e0b08ce9b6ee473\"},\"headline\":\"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &#038; Next.js (CVE-2025-55182 \\\/ 
CVE-2025-66478)\",\"datePublished\":\"2025-12-05T10:23:57+00:00\",\"dateModified\":\"2026-02-12T14:46:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/\"},\"wordCount\":613,\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/code-1839406_1920.jpg\",\"articleSection\":[\"Uncategorized\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/\",\"name\":\"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React & Next.js (CVE-2025-55182 \\\/ CVE-2025-66478) | LocateRisk\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/code-1839406_1920.jpg\",\"datePublished\":\"2025-12-05T10:23:57+00:00\",\"dateModified\":\"2026-02-12T14:46:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#primaryimage\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/code-1839406_1920.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/code-1839406_1920.jpg\
",\"width\":1920,\"height\":1282},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/locaterisk.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &#038; Next.js (CVE-2025-55182 \\\/ CVE-2025-66478)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"name\":\"LocateRisk\",\"description\":\"IT-Sicherheit messen und vergleichen\",\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\",\"name\":\"LocateRisk\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"LocateRisk\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/locaterisk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/3efb68368f67fc9d7e0b08ce9b6ee473\",\"name\":\"Franz 
D\u00fcck\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g\",\"caption\":\"Franz D\u00fcck\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React & Next.js (CVE-2025-55182 \/ CVE-2025-66478) | LocateRisk","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/locaterisk.com\/de\/react2shell-cve-2025-55182\/","og_locale":"de_DE","og_type":"article","og_title":"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React & Next.js (CVE-2025-55182 \/ CVE-2025-66478) | LocateRisk","og_description":"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) Am 3. Dezember 2025 wurde eine kritische Schwachstelle in den React Server Components und dem darauf aufbauenden Next.js Framework ver\u00f6ffentlicht. Die Sicherheitsl\u00fccke erm\u00f6glicht eine Remote Code Execution (RCE), also das Ausf\u00fchren beliebigen Codes auf betroffenen Servern, und betrifft potenziell tausende Webanwendungen weltweit. 
Besonders gef\u00e4hrlich: Die [&hellip;]","og_url":"https:\/\/locaterisk.com\/de\/react2shell-cve-2025-55182\/","og_site_name":"LocateRisk","article_published_time":"2025-12-05T10:23:57+00:00","article_modified_time":"2026-02-12T14:46:59+00:00","og_image":[{"width":1920,"height":1282,"url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg","type":"image\/jpeg"}],"author":"Franz D\u00fcck","twitter_card":"summary_large_image","twitter_misc":{"Verfasst von":"Franz D\u00fcck","Gesch\u00e4tzte Lesezeit":"5\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#article","isPartOf":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/"},"author":{"name":"Franz D\u00fcck","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/3efb68368f67fc9d7e0b08ce9b6ee473"},"headline":"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &#038; Next.js (CVE-2025-55182 \/ CVE-2025-66478)","datePublished":"2025-12-05T10:23:57+00:00","dateModified":"2026-02-12T14:46:59+00:00","mainEntityOfPage":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/"},"wordCount":613,"publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"image":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg","articleSection":["Uncategorized"],"inLanguage":"de"},{"@type":"WebPage","@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/","url":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/","name":"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React & Next.js (CVE-2025-55182 \/ CVE-2025-66478) | 
LocateRisk","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#primaryimage"},"image":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg","datePublished":"2025-12-05T10:23:57+00:00","dateModified":"2026-02-12T14:46:59+00:00","breadcrumb":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/"]}]},{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#primaryimage","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg","width":1920,"height":1282},{"@type":"BreadcrumbList","@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/locaterisk.com\/"},{"@type":"ListItem","position":2,"name":"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &#038; Next.js (CVE-2025-55182 \/ CVE-2025-66478)"}]},{"@type":"WebSite","@id":"https:\/\/locaterisk.com\/de\/#website","url":"https:\/\/locaterisk.com\/de\/","name":"LocateRisk","description":"IT-Sicherheit messen und 
vergleichen","publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/locaterisk.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/locaterisk.com\/de\/#organization","name":"LocateRisk","url":"https:\/\/locaterisk.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","width":1920,"height":1080,"caption":"LocateRisk"},"image":{"@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/locaterisk\/"]},{"@type":"Person","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/3efb68368f67fc9d7e0b08ce9b6ee473","name":"Franz D\u00fcck","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g","caption":"Franz 
D\u00fcck"}}]}},"_links":{"self":[{"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/posts\/6974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/comments?post=6974"}],"version-history":[{"count":39,"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/posts\/6974\/revisions"}],"predecessor-version":[{"id":7581,"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/posts\/6974\/revisions\/7581"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/media\/7007"}],"wp:attachment":[{"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/media?parent=6974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/categories?post=6974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locaterisk.com\/de\/wp-json\/wp\/v2\/tags?post=6974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}