This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SA-2025-143 - React2Shell (CVE-2025-55182)

SamPirok
Community Manager Community Manager
Community Manager
Thursday

Summary

A pre-authentication remote code execution exists in React Server Components, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The code unsafely deserializes payloads from HTTP requests to Server Function endpoints

 

Products Potentially Affected

OS/Product

Exposure

ExtremeAnalytics for Site Engine

No

ExtremeCloud IQ (XIQ)

No

ExtremeCloud IQ - Site Engine (XIQ-SE)

No

ExtremeCloud IQ Essentials

No

ExtremeCloud Orchestrator (XCO/EFA)

No

ExtremeLocation

No

Extreme AirDefense

No

ExtremeCloud Universal ZTNA

No

ExtremeControl for Site Engine

No

ExtremeCloud SD-WAN Appliance

No

Fabric Engine (VOSS)

No

Switch Engine (EXOS)

No

ExtremeCloud IQ Controller (IQC/XCC)

No

IQ Engine (HiveOS)

No

 

Repair Recommendation

None. 

 

Please see the full Security Advisory article here for more details and future updates. 

0 Kudos
Popular Articles
GTM-P2G8KFN