Netlify’s ongoing response to React2Shell
Blog post from Netlify
React2Shell, a critical vulnerability in Next.js and React Server Components, was publicly disclosed under the identifier CVE-2025-55182, prompting a swift response from Netlify and its industry partners to mitigate potential exploitation. Despite responsible disclosure and coordinated efforts to block the vulnerability, public exploits emerged quickly, leading to significant attack traffic, including from cryptomining campaigns and nation-state actors. Netlify responded by implementing traffic-blocking rules, halting deployments that use vulnerable Next.js versions, and recommending urgent upgrades to secure versions. The speed of exploitation underscores the industry's challenge in addressing vulnerabilities within short timeframes, a pattern that parallels the earlier Log4j vulnerability. Netlify continues to collaborate with developers and peers to safeguard applications, emphasizing that customer action, upgrading and securing their own systems, is essential for comprehensive protection.