{"id":6974,"date":"2025-12-05T10:23:57","date_gmt":"2025-12-05T10:23:57","guid":{"rendered":"https:\/\/locaterisk.com\/?p=6974"},"modified":"2026-02-12T14:46:59","modified_gmt":"2026-02-12T14:46:59","slug":"react2shell-cve-2025-55182","status":"publish","type":"post","link":"https:\/\/locaterisk.com\/fr\/react2shell-cve-2025-55182\/","title":{"rendered":"\u201cReact2Shell\u201d: critical vulnerability in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478)"},"content":{"rendered":"<div class=\"wp-block-lr-blog-article-header-module\">\n<div class=\"content\">\n<div class=\"main-content\">\n<h1 class=\"title\">\u201cReact2Shell\u201d: critical vulnerability in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478)<\/h1>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<p class=\"translation-block\">On 3 December 2025, a critical vulnerability was published in <strong>React Server Components<\/strong> and the <strong>Next.js framework<\/strong> built on them. This security flaw enables <strong>remote code execution (RCE)<\/strong>, that is, the execution of arbitrary code on affected servers, and potentially affects thousands of web applications worldwide. Particularly dangerous: the vulnerability can be exploited <strong>without authentication<\/strong> and remotely.<\/p>\n\n\n\n<p>Around <b>40% of all cloud environments<\/b> could be <strong>affected<\/strong>.<\/p>\n\n\n\n<p>Today, barely two days later, a massive <b>global outage at Cloudflare<\/b> occurred. Services such as <b>LinkedIn, Zoom, Anthropic<\/b> and many others were temporarily unreachable. The reason: Cloudflare had disabled internal logging functions in order to respond to the React security flaw. 
This triggered a domino effect within their infrastructure.<\/p>\n\n\n\n<p>Security researchers and platforms such as <a href=\"https:\/\/www.wiz.io\/blog\/critical-vulnerability-in-react-cve-2025-55182\" target=\"_blank\" rel=\"noopener\">Wiz.io<\/a> have given the vulnerability the nickname <strong>\u201cReact2Shell\u201d<\/strong>. The CVSS score is 10.0, the highest possible severity.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What happened?<\/h2>\n\n\n\n<p><b>React Server Components (RSC)<\/b> enable server-side rendering of React components. An internal transport protocol called \u201cFlight\u201d is used for this purpose. Security researchers discovered that attackers could trigger insecure deserialization via manipulated payloads. <strong>Result: arbitrary code can be executed on the target server.<\/strong><\/p>\n\n\n\n<p>The following React packages in particular are affected:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>react-server-dom-webpack<\/li>\n\n\n\n<li>react-server-dom-vite<\/li>\n\n\n\n<li>react-server-dom-turbopack<\/li>\n<\/ul>\n\n\n\n<p>Versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0 of these packages in particular are affected. 
The official CVE ID for React is <a href=\"https:\/\/react.dev\/blog\/2025\/12\/03\/critical-security-vulnerability-in-react-server-components\" target=\"_blank\" rel=\"noopener\">CVE-2025-55182<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How is Next.js affected?<\/h2>\n\n\n\n<p>Because the popular web framework <strong>Next.js<\/strong> relies on React Server Components (RSC) by default from version 13 onward, many Next.js applications are also vulnerable. The Next.js flaw is tracked separately as <a href=\"https:\/\/nextjs.org\/blog\/CVE-2025-66478\" target=\"_blank\" rel=\"noopener\">CVE-2025-66478<\/a>.<\/p>\n\n\n\n<p>In particular, all versions using the <em>App Router<\/em> are affected, primarily in the 15.x and 16.x major versions. The experimental \u201cCanary\u201d versions are also affected.<\/p>\n\n\n\n<p>The Next.js maintainers strongly advise against relying on configuration settings, because there is <strong>no switch to disable<\/strong> the dangerous behaviour. An update is absolutely necessary.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What consequences can this flaw have?<\/h2>\n\n\n\n<p>The flaw allows attackers to execute arbitrary code on the server, without authentication. 
The following scenarios, among others, are therefore conceivable:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Complete takeover of affected servers<\/li>\n\n\n\n<li>Exfiltration of sensitive data<\/li>\n\n\n\n<li>Placement of malware or backdoors<\/li>\n\n\n\n<li>Lateral movement within the network<\/li>\n\n\n\n<li>Reputational and compliance damage<\/li>\n<\/ul>\n\n\n\n<p>This is particularly critical for publicly accessible SaaS platforms, web portals, API gateways and customer-facing front ends.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Which products &amp; frameworks are affected?<\/h2>\n\n\n\n<p>Besides React and Next.js, other frameworks and toolchains may be affected if they use React Server Components. These include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Vite<\/li>\n\n\n\n<li>Parcel<\/li>\n\n\n\n<li>RedwoodJS<\/li>\n\n\n\n<li>React Router<\/li>\n\n\n\n<li>Remix (depending on configuration)<\/li>\n<\/ul>\n\n\n\n<p>Whether your systems are affected depends largely on whether React RSC features, or frameworks based on them, are used in production.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What are the countermeasures?<\/h2>\n\n\n\n<p>The React and Next.js teams have already published <strong>security updates<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>React: <strong>19.0.1<\/strong>, <strong>19.1.2<\/strong>, <strong>19.2.1<\/strong><\/li>\n\n\n\n<li>Next.js: <strong>15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 15.6.0-canary.58, 16.0.7<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Recommended measures:<\/strong><\/p>\n\n\n\n<p style=\"padding: 20px 0 5px\"><b>1. Take inventory of your web applications<\/b><\/p>\n\n\n\n<p style=\"padding: 6px 0\"><b>2. 
Identify the affected React and Next.js versions<\/b><\/p>\n\n\n\n<p style=\"padding: 6px 0\"><b>3. Update to the patched versions<\/b><\/p>\n\n\n\n<p style=\"padding: 6px 0\"><b>4. Check the server logs for suspicious activity (for example, unusual POST payloads)<\/b><\/p>\n\n\n\n<p style=\"padding: 6px 0 20px\"><b>5. Add additional protective mechanisms, for example web application firewalls (WAF), IDS\/IPS<\/b><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How LocateRisk can help you<\/h2>\n\n\n\n<p>With <strong>External Attack Surface Management<\/strong> from <a href=\"https:\/\/locaterisk.com\/fr\/\" target=\"_blank\" rel=\"noopener\">LocateRisk<\/a>, companies automatically detect whether publicly accessible systems are affected by known vulnerabilities such as <strong>CVE-2025-55182<\/strong>.<\/p>\n\n\n\n<p>The platform analyses your external attack surface and informs you about new CVEs, potential attack vectors and misconfigurations. The crucial response time to critical security flaws such as React2Shell can thus be reduced drastically.<\/p>\n\n\n\n<p>Thanks to integrated prioritisation, risk assessment and automated reports, IT teams and management always keep an overview. 
Even in exceptional situations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Sources &amp; further links<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/react.dev\/blog\/2025\/12\/03\/critical-security-vulnerability-in-react-server-components\" target=\"_blank\" rel=\"noopener\">Official React announcement (react.dev)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/nextjs.org\/blog\/CVE-2025-66478\" target=\"_blank\" rel=\"noopener\">Official Next.js announcement (nextjs.org)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.wiz.io\/blog\/critical-vulnerability-in-react-cve-2025-55182\" target=\"_blank\" rel=\"noopener\">Wiz.io blog post<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u201cReact2Shell\u201d: critical vulnerability in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) On 3 December 2025, a critical vulnerability was published in React Server Components and the Next.js framework built on them. The vulnerability enables remote code execution (RCE), that is, the execution of arbitrary code on affected servers, and potentially affects thousands of web applications worldwide. 
Particularly dangerous: the [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":7007,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6974","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) | LocateRisk<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/locaterisk.com\/fr\/react2shell-cve-2025-55182\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) | LocateRisk\" \/>\n<meta property=\"og:description\" content=\"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &amp; Next.js (CVE-2025-55182 \/ 
CVE-2025-66478) Am 3. Dezember 2025 wurde eine kritische Schwachstelle in den React Server Components und dem darauf aufbauenden Next.js Framework ver\u00f6ffentlicht. Die Sicherheitsl\u00fccke erm\u00f6glicht eine Remote Code Execution (RCE), also das Ausf\u00fchren beliebigen Codes auf betroffenen Servern, und betrifft potenziell tausende Webanwendungen weltweit. Besonders gef\u00e4hrlich: Die [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/locaterisk.com\/fr\/react2shell-cve-2025-55182\/\" \/>\n<meta property=\"og:site_name\" content=\"LocateRisk\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-05T10:23:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-12T14:46:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1282\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Franz D\u00fcck\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Franz D\u00fcck\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/\"},\"author\":{\"name\":\"Franz D\u00fcck\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/3efb68368f67fc9d7e0b08ce9b6ee473\"},\"headline\":\"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &#038; 
Next.js (CVE-2025-55182 \\\/ CVE-2025-66478)\",\"datePublished\":\"2025-12-05T10:23:57+00:00\",\"dateModified\":\"2026-02-12T14:46:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/\"},\"wordCount\":613,\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/code-1839406_1920.jpg\",\"articleSection\":[\"Uncategorized\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/\",\"name\":\"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React & Next.js (CVE-2025-55182 \\\/ CVE-2025-66478) | LocateRisk\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/code-1839406_1920.jpg\",\"datePublished\":\"2025-12-05T10:23:57+00:00\",\"dateModified\":\"2026-02-12T14:46:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#primaryimage\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/code-1839406_1920.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\
\/2025\\\/12\\\/code-1839406_1920.jpg\",\"width\":1920,\"height\":1282},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/react2shell-cve-2025-55182\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/locaterisk.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &#038; Next.js (CVE-2025-55182 \\\/ CVE-2025-66478)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"name\":\"LocateRisk\",\"description\":\"IT-Sicherheit messen und vergleichen\",\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\",\"name\":\"LocateRisk\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"LocateRisk\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/locaterisk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/3efb68368f67fc9d7e0b08ce9b6ee473\",\"name
\":\"Franz D\u00fcck\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g\",\"caption\":\"Franz D\u00fcck\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u201eReact2Shell\u201c : vuln\u00e9rabilit\u00e9 critique dans React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) | LocateRisk","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/locaterisk.com\/fr\/react2shell-cve-2025-55182\/","og_locale":"fr_FR","og_type":"article","og_title":"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React & Next.js (CVE-2025-55182 \/ CVE-2025-66478) | LocateRisk","og_description":"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) Am 3. Dezember 2025 wurde eine kritische Schwachstelle in den React Server Components und dem darauf aufbauenden Next.js Framework ver\u00f6ffentlicht. Die Sicherheitsl\u00fccke erm\u00f6glicht eine Remote Code Execution (RCE), also das Ausf\u00fchren beliebigen Codes auf betroffenen Servern, und betrifft potenziell tausende Webanwendungen weltweit. 
Besonders gef\u00e4hrlich: Die [&hellip;]","og_url":"https:\/\/locaterisk.com\/fr\/react2shell-cve-2025-55182\/","og_site_name":"LocateRisk","article_published_time":"2025-12-05T10:23:57+00:00","article_modified_time":"2026-02-12T14:46:59+00:00","og_image":[{"width":1920,"height":1282,"url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg","type":"image\/jpeg"}],"author":"Franz D\u00fcck","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"Franz D\u00fcck","Dur\u00e9e de lecture estim\u00e9e":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#article","isPartOf":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/"},"author":{"name":"Franz D\u00fcck","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/3efb68368f67fc9d7e0b08ce9b6ee473"},"headline":"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &#038; Next.js (CVE-2025-55182 \/ CVE-2025-66478)","datePublished":"2025-12-05T10:23:57+00:00","dateModified":"2026-02-12T14:46:59+00:00","mainEntityOfPage":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/"},"wordCount":613,"publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"image":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg","articleSection":["Uncategorized"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/","url":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/","name":"\u201eReact2Shell\u201c : vuln\u00e9rabilit\u00e9 critique dans React &amp; Next.js (CVE-2025-55182 \/ CVE-2025-66478) | 
LocateRisk","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#primaryimage"},"image":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg","datePublished":"2025-12-05T10:23:57+00:00","dateModified":"2026-02-12T14:46:59+00:00","breadcrumb":{"@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#primaryimage","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/12\/code-1839406_1920.jpg","width":1920,"height":1282},{"@type":"BreadcrumbList","@id":"https:\/\/locaterisk.com\/react2shell-cve-2025-55182\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/locaterisk.com\/"},{"@type":"ListItem","position":2,"name":"\u201eReact2Shell\u201c: Kritische Sicherheitsl\u00fccke in React &#038; Next.js (CVE-2025-55182 \/ CVE-2025-66478)"}]},{"@type":"WebSite","@id":"https:\/\/locaterisk.com\/de\/#website","url":"https:\/\/locaterisk.com\/de\/","name":"LocateRisk","description":"Mesurer et comparer la s\u00e9curit\u00e9 
informatique","publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/locaterisk.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/locaterisk.com\/de\/#organization","name":"LocateRisk","url":"https:\/\/locaterisk.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","width":1920,"height":1080,"caption":"LocateRisk"},"image":{"@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/locaterisk\/"]},{"@type":"Person","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/3efb68368f67fc9d7e0b08ce9b6ee473","name":"Franz D\u00fcck","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8ba0c5b324cbfbb79dbb35780014234543360eb3158a5d66884bf8ed33184847?s=96&d=mm&r=g","caption":"Franz 
D\u00fcck"}}]}},"_links":{"self":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts\/6974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/comments?post=6974"}],"version-history":[{"count":39,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts\/6974\/revisions"}],"predecessor-version":[{"id":7581,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts\/6974\/revisions\/7581"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/media\/7007"}],"wp:attachment":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/media?parent=6974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/categories?post=6974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/tags?post=6974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}