React2Shell vulnerability detection now possible

Security business menu

Security business
HOME

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

TOP

Products/Services

product
- Macnica Attack Surface Management

User stories

Seminar content

Document request

inquiry

Event/Seminar

video on demand

Macnica Attack Surface Management

React2Shell vulnerability detection now available

Macnica ASM can now detect React2Shell/CVE-2025-55182, a vulnerability that has been reported in numerous cases both domestically and internationally.

On December 3, 2025, an unauthenticated remote code execution vulnerability in React Server Components (CVE-2025-55182/commonly known as React2Shell) was made public ^*1. Since then, various threat actors have been exploiting this vulnerability in attacks, and numerous cases of intrusions have been reported both domestically and internationally.

As of December 8, 2025, Macnica Attack Surface Management (hereinafter referred to as Macnica ASM) provided by Macnica has been able to investigate this vulnerability.

React is a library that is widely used when building websites and web applications. Our own research has confirmed that approximately 90% of Japanese companies surveyed use React or React-based frameworks such as Next.js.

If you investigate usage within your organization and find that a website is affected by the vulnerability, be sure to conduct a breach investigation (check for traces of attack) as widespread attacks have already occurred.

What is Macnica ASM?

Macnica was one of the first Japan to offer its self-developed ASM solution in June 2021. Macnica ASM provides accurate and comprehensive research by using proprietary AI-driven tools that leverage the knowledge of the Macnica Security Research Center, as well as expert investigations as needed. It is now possible to identify assets including overseas bases, such as domains and stray servers that customers do not know themselves, and effectively deal with high-risk assets based on unique risk indicators that take into account attacker trends.

In addition, we are also focusing on expanding our functionality by providing a patent-pending method for safely identifying vulnerabilities in VPN devices and other devices from outside, as well as a web portal designed specifically for ASM operations.

For more information on Macnica ASM, click here

https://www.macnica.co.jp/business/security/manufacturers/macnicaasm/asm.html

*1 JPCERT Coordination Center, "React Server Components Vulnerability (CVE-2025-55182)"

Inquiry/Document request

Macnica Macnica ASM

inquiry Document request

TEL：045-476-2010
E-mail：sec-service@macnica.co.jp

Weekdays: 9:00-17:00