Fastly's Proactive Protection for React2Shell, Critical React RCE CVE-2025-55182 and CVE-2025-66478

Fastly has been actively monitoring attempts to exploit the newly disclosed React2Shell vulnerabilities, CVE-2025-55182 and CVE-2025-66478, which affect applications using React 19 with React Server Components. After a proof of concept was publicly released, signals of exploitation attempts spiked, prompting Fastly to recommend immediate updates to React and Next.js applications. To mitigate risks, Fastly has released a Virtual Patch for its Next-Gen WAF to protect vulnerable systems while they await updates. The React2Shell vulnerability, a prototype pollution bug, allows attackers to execute arbitrary JavaScript code on affected servers with minimal effort, making it critical for organizations to apply protective measures quickly. Fastly's proactive collaboration with Vercel and other technology partners aims to provide cross-industry protection and minimize the impact of potential attacks. Fastly continues to monitor its global network and update customers on the evolving situation, emphasizing the importance of internet-wide resilience and collaboration among cloud providers.