
React2Shell Continued: What to know and do about the 2 latest CVEs

Blog post from Fastly

Post Details
Company
Date Published
Author: Fastly Security Research Team
Word Count: 869
Language: English
Hacker News Points: -
Summary

Recent vulnerabilities in React and Next.js, known collectively as React2Shell, have drawn significant attention due to their potential to facilitate remote code execution (RCE) attacks, presenting a serious threat to sensitive data. Following the announcement of React2Shell CVEs, two additional vulnerabilities—CVE-2025-55183 and CVE-2025-55184—were identified, affecting React Server Components by exposing source code and enabling denial of service (DoS) attacks, respectively. These vulnerabilities emphasize the necessity for organizations to promptly assess their systems for exposure and update to patched versions of the affected frameworks. Fastly, while not directly impacted, recommends using its Next-Gen WAF and Bot Management solutions for virtual patching and protection as organizations work to implement necessary updates. It is crucial for companies to adopt modern infrastructure practices, such as autoscaling, to mitigate the impact of potential DoS attacks and to remain vigilant against ongoing exploit attempts.