CVE-2025-55182

React/Next.js Server Actions deserialisation ("React2Shell") — weaponised by PCPJack worm

First seen

2026-05-10

Last seen

2026-05-10

Appearances

External references

NVD · cve.org · CISA KEV

All cited sources for this CVE (1)

nvd.nist.govCVE-2025-55182https://nvd.nist.gov/vuln/detail/CVE-2025-55182
cited in 2026-05-10

Items in briefs that mention CVE-2025-55182

No item in any parsed brief carries this CVE in its metadata footer yet. Once a brief surfaces this CVE in an item-level footer, the analysis will appear here in full.

Brief appearances

CTI Daily Brief — 2026-05-10
daily31 items
2026-05-10